Validate ClientHello session_id field length and send alert on failure

RT#4080

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 4289272b73d3dc29691de99d29a37ecf8090fefd..5e2e0acc357cfd92c8e998d86aa80262c4fd4eef 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -598,6 +598,11 @@ static int get_client_hello(SSL *s)
         s->s2->tmp.cipher_spec_length = i;
         n2s(p, i);
         s->s2->tmp.session_id_length = i;
+        if ((i < 0) || (i > SSL_MAX_SSL_SESSION_ID_LENGTH)) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+            return -1;
+        }
         n2s(p, i);
         s->s2->challenge_length = i;
         if ((i < SSL2_MIN_CHALLENGE_LENGTH) ||

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4626a0963523b43d7c80b67a0a9f11a1063b3369..7eb7ea681eb0fd46fc417f66de9478a843f92d39 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1064,6 +1064,12 @@ int ssl3_get_client_hello(SSL *s)
         goto f_err;
     }
 
+    if ((j < 0) || (j > SSL_MAX_SSL_SESSION_ID_LENGTH)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
     s->hit = 0;
     /*
      * Versions before 0.9.7 always allow clients to resume sessions in

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index de4c59e21fecb6c1b8b141b36f1e83c3c41d3de2..48fc4511f1fe8dbaef5dea6b8f6c7983a48c9f0e 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -602,9 +602,6 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
     int r;
 #endif
 
-    if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
-        goto err;
-
     if (session_id + len > limit) {
         fatal = 1;
         goto err;