diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-02-10 20:08:49 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-02-10 20:08:49 +0000 |
commit | c489ea7d01c24202515c4147080c70258c75cbcf (patch) | |
tree | 826a51d62ec6c8387dc5b4e80c814385a075e329 /ssl | |
parent | 26c6857a591e5a98a934569fdeabc139d24545c9 (diff) |
PR: 2704
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 2 | ||||
-rw-r--r-- | ssl/t1_lib.c | 52 |
2 files changed, 35 insertions, 19 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 75d716e88f..db75479c38 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3589,7 +3589,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->srp_ctx.login = NULL; if (parg == NULL) break; - if (strlen((char *)parg) > 254) + if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) { SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); return 0; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9349654f1d..4745c1fec5 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -432,25 +432,29 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } #ifndef OPENSSL_NO_SRP -#define MIN(x,y) (((x)<(y))?(x):(y)) - /* we add SRP username the first time only if we have one! */ + /* Add SRP username if there is one */ if (s->srp_ctx.login != NULL) - {/* Add TLS extension SRP username to the Client Hello message */ - int login_len = MIN(strlen(s->srp_ctx.login) + 1, 255); - long lenmax; + { /* Add TLS extension SRP username to the Client Hello message */ - if ((lenmax = limit - ret - 5) < 0) return NULL; - if (login_len > lenmax) return NULL; - if (login_len > 255) + int login_len = strlen(s->srp_ctx.login); + if (login_len > 255 || login_len == 0) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return NULL; - } + } + + /* check for enough space. + 4 for the srp type type and entension length + 1 for the srp user identity + + srp user identity length + */ + if ((limit - ret - 5 - login_len) < 0) return NULL; + + /* fill in the extension */ s2n(TLSEXT_TYPE_srp,ret); s2n(login_len+1,ret); - - (*ret++) = (unsigned char) MIN(strlen(s->srp_ctx.login), 254); - memcpy(ret, s->srp_ctx.login, MIN(strlen(s->srp_ctx.login), 254)); + (*ret++) = (unsigned char) login_len; + memcpy(ret, s->srp_ctx.login, login_len); ret+=login_len; } #endif @@ -1007,13 +1011,25 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in #ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size > 0) + if (size <= 0 || ((len = data[0])) != (size -1)) { - len = data[0]; - if ((s->srp_ctx.login = OPENSSL_malloc(len+1)) == NULL) - return -1; - memcpy(s->srp_ctx.login, &data[1], len); - s->srp_ctx.login[len]='\0'; + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (s->srp_ctx.login != NULL) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if ((s->srp_ctx.login = OPENSSL_malloc(len+1)) == NULL) + return -1; + memcpy(s->srp_ctx.login, &data[1], len); + s->srp_ctx.login[len]='\0'; + + if (strlen(s->srp_ctx.login) != len) + { + *al = SSL_AD_DECODE_ERROR; + return 0; } } #endif |