Validate ClientHello extension field length

RT#4069 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-02 13:43:29 +02:00 · 2015-10-02 13:43:29 +02:00 · 52a48f9eed
commit 52a48f9eed
parent 67202973cf
1 changed files with 3 additions and 0 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -1927,6 +1927,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
    if (!PACKET_get_net_2(pkt, &len))
        goto err;

+    if (PACKET_remaining(pkt) != len)
+        goto err;
+
    while (PACKET_get_net_2(pkt, &type) && PACKET_get_net_2(pkt, &size)) {
        PACKET subpkt;