Check for ClientHello message overruns
The ClientHello processing is insufficiently rigorous in its checks to make sure that we don't read past the end of the message. This does not have security implications due to the size of the underlying buffer - but still needs to be fixed. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c9642eb1ff79a30e2c7632ef8267cc34cc2b0d79)
This commit is contained in:
parent
047cdde7a5
commit
89c2720298
@ -991,6 +991,16 @@ int ssl3_get_client_hello(SSL *s)
|
|||||||
s->first_packet = 0;
|
s->first_packet = 0;
|
||||||
d = p = (unsigned char *)s->init_msg;
|
d = p = (unsigned char *)s->init_msg;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
|
||||||
|
* for session id length
|
||||||
|
*/
|
||||||
|
if (n < 2 + SSL3_RANDOM_SIZE + 1) {
|
||||||
|
al = SSL_AD_DECODE_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* use version from inside client hello, not from record header (may
|
* use version from inside client hello, not from record header (may
|
||||||
* differ: see RFC 2246, Appendix E, second paragraph)
|
* differ: see RFC 2246, Appendix E, second paragraph)
|
||||||
@ -1022,6 +1032,12 @@ int ssl3_get_client_hello(SSL *s)
|
|||||||
unsigned int session_length, cookie_length;
|
unsigned int session_length, cookie_length;
|
||||||
|
|
||||||
session_length = *(p + SSL3_RANDOM_SIZE);
|
session_length = *(p + SSL3_RANDOM_SIZE);
|
||||||
|
|
||||||
|
if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
|
||||||
|
al = SSL_AD_DECODE_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
|
cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
|
||||||
|
|
||||||
if (cookie_length == 0)
|
if (cookie_length == 0)
|
||||||
@ -1035,6 +1051,12 @@ int ssl3_get_client_hello(SSL *s)
|
|||||||
/* get the session-id */
|
/* get the session-id */
|
||||||
j = *(p++);
|
j = *(p++);
|
||||||
|
|
||||||
|
if (p + j > d + n) {
|
||||||
|
al = SSL_AD_DECODE_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
|
|
||||||
s->hit = 0;
|
s->hit = 0;
|
||||||
/*
|
/*
|
||||||
* Versions before 0.9.7 always allow clients to resume sessions in
|
* Versions before 0.9.7 always allow clients to resume sessions in
|
||||||
@ -1079,8 +1101,19 @@ int ssl3_get_client_hello(SSL *s)
|
|||||||
|
|
||||||
if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
|
if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
|
||||||
/* cookie stuff */
|
/* cookie stuff */
|
||||||
|
if (p + 1 > d + n) {
|
||||||
|
al = SSL_AD_DECODE_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
cookie_len = *(p++);
|
cookie_len = *(p++);
|
||||||
|
|
||||||
|
if (p + cookie_len > d + n) {
|
||||||
|
al = SSL_AD_DECODE_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The ClientHello may contain a cookie even if the
|
* The ClientHello may contain a cookie even if the
|
||||||
* HelloVerify message has not been sent--make sure that it
|
* HelloVerify message has not been sent--make sure that it
|
||||||
@ -1121,6 +1154,11 @@ int ssl3_get_client_hello(SSL *s)
|
|||||||
p += cookie_len;
|
p += cookie_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (p + 2 > d + n) {
|
||||||
|
al = SSL_AD_DECODE_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
n2s(p, i);
|
n2s(p, i);
|
||||||
if ((i == 0) && (j != 0)) {
|
if ((i == 0) && (j != 0)) {
|
||||||
/* we need a cipher if we are not resuming a session */
|
/* we need a cipher if we are not resuming a session */
|
||||||
@ -1128,7 +1166,9 @@ int ssl3_get_client_hello(SSL *s)
|
|||||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
|
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
if ((p + i) >= (d + n)) {
|
|
||||||
|
/* i bytes of cipher data + 1 byte for compression length later */
|
||||||
|
if ((p + i + 1) > (d + n)) {
|
||||||
/* not enough data */
|
/* not enough data */
|
||||||
al = SSL_AD_DECODE_ERROR;
|
al = SSL_AD_DECODE_ERROR;
|
||||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
|
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
|
||||||
|
Loading…
Reference in New Issue
Block a user