Reject elliptic curve lists of odd lengths.

The Supported Elliptic Curves extension contains a vector of NamedCurves of 2 bytes each, so the total length must be even. Accepting odd-length lists was observed to lead to a non-exploitable one-byte out-of-bounds read in the latest development branches (1.0.2 and master). Released versions of OpenSSL are not affected. Thanks to Felix Groebert of the Google Security Team for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-01 15:04:02 +01:00 · 2014-12-01 15:04:02 +01:00 · 33d5ba8629
commit 33d5ba8629
parent f50ffd10fa
1 changed files with 3 additions and 1 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -2155,7 +2155,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 			ellipticcurvelist_length += (*(sdata++));

 			if (ellipticcurvelist_length != size - 2 ||
-				ellipticcurvelist_length < 1)
+				ellipticcurvelist_length < 1 ||
+				/* Each NamedCurve is 2 bytes. */
+				ellipticcurvelist_length & 1)
 				{
 				*al = TLS1_AD_DECODE_ERROR;
 				return 0;