On receiving an overlong session ID terminate with an illegal_parameter

alert. Found with tlsfuzzer. ok jsing
author: tb <> 2020-05-09 13:51:44 +0000
committer: tb <> 2020-05-09 13:51:44 +0000
commit: 4ada255562a571bc859eaabd939211b3d0608172 (patch)
tree: c6200ecaad96603d649e02a00e5c10b54dd252b8
parent: 190f1484ef8374330be8981661b8d25def86e00c (diff)
download: openbsd-4ada255562a571bc859eaabd939211b3d0608172.tar.gz
openbsd-4ada255562a571bc859eaabd939211b3d0608172.tar.bz2
openbsd-4ada255562a571bc859eaabd939211b3d0608172.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index c9c24f0453..72419dcf3a 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.73 2020/03/06 16:31:30 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.74 2020/05/09 13:51:44 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -834,6 +834,11 @@ ssl3_get_client_hello(SSL *s)
                goto truncated;
        if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
                goto truncated;
+        if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
+                al = SSL_AD_ILLEGAL_PARAMETER;
+                SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
+                goto f_err;
+        }
        if (SSL_IS_DTLS(s)) {
                if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
                        goto truncated;
author	tb <>	2020-05-09 13:51:44 +0000
committer	tb <>	2020-05-09 13:51:44 +0000
commit	4ada255562a571bc859eaabd939211b3d0608172 (patch)
tree	c6200ecaad96603d649e02a00e5c10b54dd252b8
parent	190f1484ef8374330be8981661b8d25def86e00c (diff)
download	openbsd-4ada255562a571bc859eaabd939211b3d0608172.tar.gz openbsd-4ada255562a571bc859eaabd939211b3d0608172.tar.bz2 openbsd-4ada255562a571bc859eaabd939211b3d0608172.zip