author | Matt Caswell <matt@openssl.org> | 2016-07-18 13:49:38 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-07-18 23:18:46 +0100 |
commit | e3ea3afd6d9cc05b207e76e49552f88ae28489c3 (patch) | |
tree | 101cbb4cd3c4c03ca1b49d6c1577027547ab72ec /ssl | |
parent | 05ec6a25f80ac8edfb7d7cb764d2dd68156a6965 (diff) |
Refactor Identity Hint handling
Don't call strncpy with strlen of the source as the length. Don't call
strlen multiple times. Eventually we will want to replace this with a proper
PACKET style handling (but for construction of PACKETs instead of just
reading them as it is now). For now though this is safe because
PSK_MAX_IDENTITY_LEN will always fit into the destination buffer.
This addresses an OCAP Audit issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_srvr.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 82fced51dc..d38fc3a892 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1830,10 +1830,19 @@ int tls_construct_server_key_exchange(SSL *s)
 if (type & SSL_PSK) {
 /* copy PSK identity hint */
 if (s->cert->psk_identity_hint) {
- s2n(strlen(s->cert->psk_identity_hint), p);
- strncpy((char *)p, s->cert->psk_identity_hint,
- strlen(s->cert->psk_identity_hint));
- p += strlen(s->cert->psk_identity_hint);
+ size_t len = strlen(s->cert->psk_identity_hint);
+ if (len > PSK_MAX_IDENTITY_LEN) {
+ /*
+ * Should not happen - we already checked this when we set
+ * the identity hint
+ */
+ SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ s2n(len, p);
+ memcpy(p, s->cert->psk_identity_hint, len);
+ p += len;
 } else {
 s2n(0, p);
 }
|
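Review bot: The added guard bounds `len` by the constant PSK_MAX_IDENTITY_LEN, but `memcpy(p, s->cert->psk_identity_hint, len)` is only safe if the output buffer already has 2 + len bytes free at `p`, and nothing in the hunk ties the two together. The commit message states that PSK_MAX_IDENTITY_LEN always fits the destination, yet the sizing code sits elsewhere in tls_construct_server_key_exchange, which starts and ends outside this hunk. I would record the invariant next to the copy, for example `/* buffer sizing earlier in this function must reserve 2 + PSK_MAX_IDENTITY_LEN bytes for the hint */`, so a later change to the sizing does not silently turn this into an overflow. The same guard is also what keeps `s2n(len, p)` from truncating a `size_t` into the 16-bit length prefix, which is worth saying in that comment too.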