From 2ee1271d8ff95d6a5036b37f7f03e1ae14436eeb Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 4 Nov 2016 00:07:50 +0000 Subject: [PATCH] Ensure the whole key_share extension is well formatted Reviewed-by: Rich Salz --- ssl/t1_lib.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 044c403ebf..2dbaa9ffb4 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2318,7 +2318,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al) PACKET key_share_list, encoded_pt; const unsigned char *curves; size_t num_curves; - int group_nid; + int group_nid, found = 0; unsigned int curve_flags; /* Sanity check */ @@ -2338,13 +2338,21 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al) while (PACKET_remaining(&key_share_list) > 0) { if (!PACKET_get_net_2(&key_share_list, &group_id) || !PACKET_get_length_prefixed_2(&key_share_list, - &encoded_pt)) { + &encoded_pt) + || PACKET_remaining(&encoded_pt) == 0) { *al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT, SSL_R_LENGTH_MISMATCH); return 0; } + /* + * If we already found a suitable key_share we loop through the + * rest to verify the structure, but don't process them. + */ + if (found) + continue; + /* Check this share is in supported_groups */ if (!tls1_get_curvelist(s, 1, &curves, &num_curves)) { *al = SSL_AD_INTERNAL_ERROR; @@ -2416,6 +2424,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al) SSLerr(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT, SSL_R_BAD_ECPOINT); return 0; } + + found = 1; } } /* -- 2.25.1