From: Dr. Stephen Henson Date: Fri, 3 Mar 2017 02:44:18 +0000 (+0000) Subject: Disallow zero length signature algorithms X-Git-Tag: OpenSSL_1_1_1-pre1~2120 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8f12296e2356a0daf751cbc00aed14d4c31a2476;p=oweals%2Fopenssl.git Disallow zero length signature algorithms Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2840) --- diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 7414c19ddb..6c007a1302 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2497,6 +2497,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) size_t nl = tls12_get_psigalgs(s, 1, &psigs); if (!WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) || !tls12_copy_sigalgs(s, pkt, psigs, nl) || !WPACKET_close(pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 87ef620e1b..93a8cfeaf2 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1563,7 +1563,7 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt) size = PACKET_remaining(pkt); /* Invalid data length */ - if ((size & 1) != 0) + if (size == 0 || (size & 1) != 0) return 0; size >>= 1;