From fb9fa6b51defd48157eeb207f52181f735d96148 Mon Sep 17 00:00:00 2001 From: Peter Kaestle Date: Mon, 15 Mar 2021 13:19:56 +0100 Subject: ssl sigalg extension: fix NULL pointer dereference MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As the variable peer_sigalgslen is not cleared on ssl rehandshake, it's possible to crash an openssl tls secured server remotely by sending a manipulated hello message in a rehandshake. On such a manipulated rehandshake, tls1_set_shared_sigalgs() calls tls12_shared_sigalgs() with the peer_sigalgslen of the previous handshake, while the peer_sigalgs has been freed. As a result tls12_shared_sigalgs() walks over the available peer_sigalgs and tries to access data of a NULL pointer. This issue was introduced by c589c34e61 (Add support for the TLS 1.3 signature_algorithms_cert extension, 2018-01-11). Signed-off-by: Peter Kästle Signed-off-by: Samuel Sapalski CVE-2021-3449 CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Matt Caswell --- ssl/statem/extensions.c | 1 + 1 file changed, 1 insertion(+) (limited to 'ssl') diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index b055935d69..4aed508d0f 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1139,6 +1139,7 @@ static int init_sig_algs(SSL *s, unsigned int context) /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3->tmp.peer_sigalgs); s->s3->tmp.peer_sigalgs = NULL; + s->s3->tmp.peer_sigalgslen = 0; return 1; } -- cgit v1.2.3