From: Matt Caswell Date: Wed, 7 Oct 2015 14:20:47 +0000 (+0100) Subject: Don't advance PACKET in ssl_check_for_safari X-Git-Tag: OpenSSL_1_1_0-pre1~457 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=68a166285102a7cf5dadee763243ae575c5cee77;p=oweals%2Fopenssl.git Don't advance PACKET in ssl_check_for_safari The function ssl_check_for_safari fingerprints the incoming extensions to see whether it is one of the broken versions of safari. However it was failing to reset the PACKET back to the same position it started in, hence causing some extensions to be skipped incorrectly. Reviewed-by: Emilia Käsper --- diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 4975c10853..f18f502907 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1815,10 +1815,11 @@ static int tls1_alpn_handle_client_hello(SSL *s, PACKET *pkt, int *al) * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from * 10.8..10.8.3 (which don't work). */ -static void ssl_check_for_safari(SSL *s, PACKET *pkt) +static void ssl_check_for_safari(SSL *s, const PACKET *pkt) { unsigned int type, size; unsigned char *eblock1, *eblock2; + PACKET tmppkt; static const unsigned char kSafariExtensionsBlock[] = { 0x00, 0x0a, /* elliptic_curves extension */ @@ -1846,10 +1847,12 @@ static void ssl_check_for_safari(SSL *s, PACKET *pkt) 0x02, 0x03, /* SHA-1/ECDSA */ }; - if (!PACKET_forward(pkt, 2) - || !PACKET_get_net_2(pkt, &type) - || !PACKET_get_net_2(pkt, &size) - || !PACKET_forward(pkt, size)) + tmppkt = *pkt; + + if (!PACKET_forward(&tmppkt, 2) + || !PACKET_get_net_2(&tmppkt, &type) + || !PACKET_get_net_2(&tmppkt, &size) + || !PACKET_forward(&tmppkt, size)) return; if (type != TLSEXT_TYPE_server_name) @@ -1859,9 +1862,9 @@ static void ssl_check_for_safari(SSL *s, PACKET *pkt) const size_t len1 = sizeof(kSafariExtensionsBlock); const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - if (!PACKET_get_bytes(pkt, &eblock1, len1) - || !PACKET_get_bytes(pkt, &eblock2, len2) - || PACKET_remaining(pkt)) + if (!PACKET_get_bytes(&tmppkt, &eblock1, len1) + || !PACKET_get_bytes(&tmppkt, &eblock2, len2) + || PACKET_remaining(&tmppkt)) return; if (memcmp(eblock1, kSafariExtensionsBlock, len1) != 0) return; @@ -1870,8 +1873,8 @@ static void ssl_check_for_safari(SSL *s, PACKET *pkt) } else { const size_t len = sizeof(kSafariExtensionsBlock); - if (!PACKET_get_bytes(pkt, &eblock1, len) - || PACKET_remaining(pkt)) + if (!PACKET_get_bytes(&tmppkt, &eblock1, len) + || PACKET_remaining(&tmppkt)) return; if (memcmp(eblock1, kSafariExtensionsBlock, len) != 0) return;