diff options
| author | miod <> | 2014-07-11 22:57:25 +0000 |
|---|---|---|
| committer | miod <> | 2014-07-11 22:57:25 +0000 |
| commit | c95157e4b6c5e281cb496ef41f9969df25abef91 (patch) | |
| tree | d76e443b574ed3f2bb44b4cd1fdacdba22613ea8 /src/lib/libssl/d1_clnt.c | |
| parent | 994822f5ed5b52cdb013f4acc6ea695367f1bd47 (diff) | |
| download | openbsd-c95157e4b6c5e281cb496ef41f9969df25abef91.tar.gz openbsd-c95157e4b6c5e281cb496ef41f9969df25abef91.tar.bz2 openbsd-c95157e4b6c5e281cb496ef41f9969df25abef91.zip | |
As reported by David Ramos, most consumer of ssl_get_message() perform late
bounds check, after reading the 2-, 3- or 4-byte size of the next chunk to
process. But the size fields themselves are not checked for being entirely
contained in the buffer.
Since reading past your bounds is bad practice, and may not possible if you
are using a secure memory allocator, we need to add the necessary bounds check,
at the expense of some readability.
As a bonus, a wrong size GOST session key will now trigger an error instead of
a printf to stderr and it being handled as if it had the correct size.
Creating this diff made my eyes bleed (in the real sense); reviewing it
made guenther@'s and beck@'s eyes bleed too (in the literal sense).
ok guenther@ beck@
Diffstat (limited to 'src/lib/libssl/d1_clnt.c')
| -rw-r--r-- | src/lib/libssl/d1_clnt.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index 3f47a3854b..b85908c733 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_clnt.c,v 1.28 2014/07/11 09:24:44 beck Exp $ */ | 1 | /* $OpenBSD: d1_clnt.c,v 1.29 2014/07/11 22:57:25 miod Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -879,6 +879,8 @@ dtls1_get_hello_verify(SSL *s) | |||
| 879 | return (1); | 879 | return (1); |
| 880 | } | 880 | } |
| 881 | 881 | ||
| 882 | if (2 > n) | ||
| 883 | goto truncated; | ||
| 882 | data = (unsigned char *)s->init_msg; | 884 | data = (unsigned char *)s->init_msg; |
| 883 | 885 | ||
| 884 | if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) { | 886 | if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) { |
| @@ -889,7 +891,11 @@ dtls1_get_hello_verify(SSL *s) | |||
| 889 | } | 891 | } |
| 890 | data += 2; | 892 | data += 2; |
| 891 | 893 | ||
| 894 | if (2 + 1 > n) | ||
| 895 | goto truncated; | ||
| 892 | cookie_len = *(data++); | 896 | cookie_len = *(data++); |
| 897 | if (2 + 1 + cookie_len > n) | ||
| 898 | goto truncated; | ||
| 893 | if (cookie_len > sizeof(s->d1->cookie)) { | 899 | if (cookie_len > sizeof(s->d1->cookie)) { |
| 894 | al = SSL_AD_ILLEGAL_PARAMETER; | 900 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 895 | goto f_err; | 901 | goto f_err; |
| @@ -901,6 +907,8 @@ dtls1_get_hello_verify(SSL *s) | |||
| 901 | s->d1->send_cookie = 1; | 907 | s->d1->send_cookie = 1; |
| 902 | return 1; | 908 | return 1; |
| 903 | 909 | ||
| 910 | truncated: | ||
| 911 | al = SSL_AD_DECODE_ERROR; | ||
| 904 | f_err: | 912 | f_err: |
| 905 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 913 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 906 | return -1; | 914 | return -1; |