Disallow zero length signature algorithms

author Dr. Stephen Henson <steve@openssl.org>

Fri, 3 Mar 2017 02:44:18 +0000 (02:44 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 3 Mar 2017 21:58:33 +0000 (21:58 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 3 Mar 2017 02:44:18 +0000 (02:44 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 3 Mar 2017 21:58:33 +0000 (21:58 +0000)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c

index 7414c19ddb84c3e7b275311b68ea1a1368207e56..6c007a130299856efe89aaef7fbc51b36ec94eb9 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2497,6 +2497,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
          size_t nl = tls12_get_psigalgs(s, 1, &psigs);
  
          if (!WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
                  || !tls12_copy_sigalgs(s, pkt, psigs, nl)
                  || !WPACKET_close(pkt)) {
              SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 87ef620e1bf814e1e6d162f655053d9d5d2470f9..93a8cfeaf2e850b877f5d136573ff78067e27cff 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1563,7 +1563,7 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt)
      size = PACKET_remaining(pkt);
  
      /* Invalid data length */
-    if ((size & 1) != 0)
+    if (size == 0 || (size & 1) != 0)
          return 0;
  
      size >>= 1;
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 3 Mar 2017 02:44:18 +0000 (02:44 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 3 Mar 2017 21:58:33 +0000 (21:58 +0000)
ssl/statem/statem_srvr.c		patch \| blob \| history
ssl/t1_lib.c		patch \| blob \| history