From 77857ddcca41e1ad34725715fe7b32adc4de7930 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 1 Jul 2016 11:58:05 +0100
Subject: [PATCH] Avoid an overflow in constructing the ServerKeyExchange
 message

We calculate the size required for the ServerKeyExchange message and then
call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
2 bytes required for the signature algorithm and 2 bytes for the signature
length, i.e. we could overflow by 4 bytes. In reality this won't happen
because the buffer is pre-allocated to a large size that means it should be
big enough anyway.

Addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 ssl/s3_srvr.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 0c43c493ed..299f85b2fb 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1872,6 +1872,11 @@ int ssl3_send_server_key_exchange(SSL *s)
                 goto f_err;
             }
             kn = EVP_PKEY_size(pkey);
+            /* Allow space for signature algorithm */
+            if (SSL_USE_SIGALGS(s))
+                kn += 2;
+            /* Allow space for signature length */
+            kn += 2;
         } else {
             pkey = NULL;
             kn = 0;
-- 
2.25.1