Fix some instances of the wrong alert type being sent

author Matt Caswell <matt@openssl.org>

Wed, 31 Jan 2018 09:53:51 +0000 (09:53 +0000)

committer Matt Caswell <matt@openssl.org>

Thu, 1 Feb 2018 10:28:49 +0000 (10:28 +0000)
author Matt Caswell <matt@openssl.org>
Wed, 31 Jan 2018 09:53:51 +0000 (09:53 +0000)
committer Matt Caswell <matt@openssl.org>
Thu, 1 Feb 2018 10:28:49 +0000 (10:28 +0000)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c

index dbb881223a500879da14fb91dab341b57fe2b1f8..5441e982676a40eb83a0a828010d86a6b003989d 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1273,7 +1273,7 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
  int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx)
  {
-    unsigned int ecpointformats_len;
+    size_t ecpointformats_len;
      PACKET ecptformatlist;
  
      if (!PACKET_as_length_prefixed_1(pkt, &ecptformatlist)) {
@@ -1283,8 +1283,13 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
      }
      if (!s->hit) {
          ecpointformats_len = PACKET_remaining(&ecptformatlist);
-        s->session->ext.ecpointformats_len = 0;
+        if (ecpointformats_len == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, SSL_R_BAD_LENGTH);
+            return 0;
+        }
  
+        s->session->ext.ecpointformats_len = 0;
          OPENSSL_free(s->session->ext.ecpointformats);
          s->session->ext.ecpointformats = OPENSSL_malloc(ecpointformats_len);
          if (s->session->ext.ecpointformats == NULL) {
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c

index 8a33386cd0f713e00badf975594c3bb7b37df6bf..e79bd7b9c008f2bdc341b288b9e40ca020c7301b 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2452,7 +2452,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
              PACKET sigalgs;
  
              if (!PACKET_get_length_prefixed_2(pkt, &sigalgs)) {
-                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                SSLfatal(s, SSL_AD_DECODE_ERROR,
                           SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
                           SSL_R_LENGTH_MISMATCH);
                  return MSG_PROCESS_ERROR;
@@ -2484,7 +2484,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
      }
  
      if (PACKET_remaining(pkt) != 0) {
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
                   SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
                   SSL_R_LENGTH_MISMATCH);
          return MSG_PROCESS_ERROR;
author	Matt Caswell <matt@openssl.org>
	Wed, 31 Jan 2018 09:53:51 +0000 (09:53 +0000)
committer	Matt Caswell <matt@openssl.org>
	Thu, 1 Feb 2018 10:28:49 +0000 (10:28 +0000)
ssl/statem/extensions_clnt.c		patch \| blob \| history
ssl/statem/statem_clnt.c		patch \| blob \| history