diff options
author | Alessandro Ghedini <alessandro@ghedini.me> | 2015-10-02 13:43:29 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-10-05 19:43:00 +0100 |
commit | 52a48f9eed73503c691056b5832b3eb04b95ea00 (patch) | |
tree | 73661de8526b42c2090d9415609c213438d7a2f4 /ssl | |
parent | 67202973cf55eaac021706c183377b8040cf0c20 (diff) |
Validate ClientHello extension field length
RT#4069
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_lib.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index aeae5b0cba..4975c10853 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1927,6 +1927,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) if (!PACKET_get_net_2(pkt, &len)) goto err; + if (PACKET_remaining(pkt) != len) + goto err; + while (PACKET_get_net_2(pkt, &type) && PACKET_get_net_2(pkt, &size)) { PACKET subpkt; |