From 52a48f9eed73503c691056b5832b3eb04b95ea00 Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini
Date: Fri, 2 Oct 2015 13:43:29 +0200
Subject: [PATCH] Validate ClientHello extension field length
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

RT#4069

Reviewed-by: Emilia Käsper
Reviewed-by: Matt Caswell
---
 ssl/t1_lib.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index aeae5b0cba..4975c10853 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1927,6 +1927,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
 if (!PACKET_get_net_2(pkt, &len))
 goto err;
 
+ if (PACKET_remaining(pkt) != len)
+ goto err;
+
 while (PACKET_get_net_2(pkt, &type) && PACKET_get_net_2(pkt, &size)) {
 PACKET subpkt;
 
-- 
2.25.1
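Review bot: An extension block that ends in one to three stray bytes still leaves the `while` loop without an error at this point, because the loop condition simply stops once `PACKET_get_net_2` fails; the new `PACKET_remaining(pkt) != len` check only ties the outer length field to the rest of the message. Whether leftover bytes are rejected afterwards is not visible, since the loop body and the `err` label lie outside the hunk, so it is worth confirming that a `PACKET_remaining(pkt) != 0` test follows the loop and that `err` sets `*al` to a decode-error alert. I would also put a comment above the new check, e.g. `/* The extension block must span exactly the remaining ClientHello bytes */`, so the strict `!=` is not later relaxed to `<`. The diffstat shows only `ssl/t1_lib.c` changed; a regression test feeding a ClientHello whose extensions length is both too short and too long for the remaining data would pin this behaviour down.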