From 323f212aa792904b7312d22f6107e9546a41faa4 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 4 Nov 2016 09:49:16 +0000
Subject: [PATCH] Check key_exchange data length is not 0
Reviewed-by: Rich Salz
---
ssl/t1_lib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2dbaa9ffb4..6474c6dbc2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2754,7 +2754,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
skey = ssl_generate_pkey(ckey);
- if (!PACKET_as_length_prefixed_2(&spkt, &encoded_pt)) {
+ if (!PACKET_as_length_prefixed_2(&spkt, &encoded_pt)
+ || PACKET_remaining(&encoded_pt) == 0) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, SSL_R_LENGTH_MISMATCH);
--
2.25.1
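Review bot: `skey = ssl_generate_pkey(ckey);` runs before the length checks on the peer-supplied key share, so when the new `PACKET_remaining(&encoded_pt) == 0` test (or the existing prefix check) fails, a key has already been allocated. Nothing visible in the hunk frees `skey` or checks it for NULL on that decode-error branch; the rest of the branch, presumably a `return 0;`, lies outside the hunk, so this should be confirmed against the full function. Parsing and validating `encoded_pt` first and calling `ssl_generate_pkey(ckey)` only afterwards would leave nothing to release when a server sends a malformed or empty key_exchange. A short comment on the added condition, such as `/* an empty key_exchange can never be a valid encoded point */`, would also record why zero length is rejected here rather than left to the later decode step.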