From: Matt Caswell Date: Tue, 5 Dec 2017 13:36:13 +0000 (+0000) Subject: Fix bug in TLSv1.3 PSK processing X-Git-Tag: OpenSSL_1_1_1-pre1~368 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2894e9cb6de62baec5b17d4f248b4ff12eb62005;p=oweals%2Fopenssl.git Fix bug in TLSv1.3 PSK processing The recent SSL error overhaul left a case where an error occurs but SSLfatal() is not called. Credit to OSSfuzz for finding this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/4847) --- diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index c626ba61c7..b07376fe9e 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -850,11 +850,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } } - if (PACKET_remaining(&binder) != hashsize - || tls_psk_do_binder(s, md, - (const unsigned char *)s->init_buf->data, - binderoffset, PACKET_data(&binder), NULL, - sess, 0, ext) != 1) { + if (PACKET_remaining(&binder) != hashsize) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, + SSL_R_BAD_EXTENSION); + goto err; + } + if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data, + binderoffset, PACKET_data(&binder), NULL, sess, 0, + ext) != 1) { /* SSLfatal() already called */ goto err; }