Check that the PSK extension is last
author    Matt Caswell <matt@openssl.org>
          Fri, 10 Mar 2017 13:53:53 +0000 (13:53 +0000)
committer Matt Caswell <matt@openssl.org>
          Fri, 10 Mar 2017 15:24:12 +0000 (15:24 +0000)
We need to check that the PSK extension in a ClientHello is the last one.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2896)

ssl/statem/extensions.c

index fab9bcb3d4367deea5b47861727457375ee9b6c7..ffacd41cf91d77b80c81f8cf5d97107fcf78716d 100644 (file)
@@ -447,10 +447,14 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
         }
         /*
          * Verify this extension is allowed. We only check duplicates for
-         * extensions that we recognise.
+         * extensions that we recognise. We also have a special case for the
+         * PSK extension, which must be the last one in the ClientHello.
          */
         if (!verify_extension(s, context, type, exts, raw_extensions, &thisex)
-                || (thisex != NULL && thisex->present == 1)) {
+                || (thisex != NULL && thisex->present == 1)
+                || (type == TLSEXT_TYPE_psk
+                    && (context & EXT_CLIENT_HELLO) != 0
+                    && PACKET_remaining(&extensions) != 0)) {
             SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_BAD_EXTENSION);
             *al = SSL_AD_ILLEGAL_PARAMETER;
             goto err;
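Review bot: the new `PACKET_remaining(&extensions) != 0` test in the `type == TLSEXT_TYPE_psk` branch is only a "more extensions follow" check if `extensions` has already been advanced past the current extension's length-prefixed body before this `if`; that read happens above the hunk and is not visible here, so a short comment at the check (e.g. `/* extensions has been advanced past this extension's body */`) would make the invariant explicit and protect it against a later reordering of the parsing loop. Two smaller points: the misplaced-PSK failure shares `SSL_R_BAD_EXTENSION` with the duplicate-extension failure, so the two cannot be told apart in the error queue; `SSL_AD_ILLEGAL_PARAMETER` is the right alert for a non-final pre_shared_key, but a distinct reason code would help diagnosis. The `(context & EXT_CLIENT_HELLO) != 0` guard is correct, since the same extension type is also carried in the ServerHello, where no ordering requirement applies, and the expanded block comment should say that the rule is ClientHello-only for that reason.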