Ensure that a server hello does not have trailing data.

Found by tlsfuzzer. ok beck@
author: jsing <> 2021-09-03 13:18:17 +0000
committer: jsing <> 2021-09-03 13:18:17 +0000
commit: 149ab54a9d8d67404fd92901e45040db804e90d3 (patch)
tree: 3f87dc96c4c8c1b2869704c12dde06d97654975d /src/lib
parent: 0e1b29b0b5ebb370785e5e69e3b74e9affb817c2 (diff)
download: openbsd-149ab54a9d8d67404fd92901e45040db804e90d3.tar.gz
openbsd-149ab54a9d8d67404fd92901e45040db804e90d3.tar.bz2
openbsd-149ab54a9d8d67404fd92901e45040db804e90d3.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index e27a0735b6..ddab394db9 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.110 2021/09/02 14:41:03 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.111 2021/09/03 13:18:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1065,6 +1065,9 @@ ssl3_get_server_hello(SSL *s)
                goto fatal_err;
        }
+        if (CBS_len(&cbs) != 0)
+                goto decode_err;
        /*
         * Determine if we need to see RI. Strictly speaking if we want to
         * avoid an attack we should *always* see RI even on initial server
author	jsing <>	2021-09-03 13:18:17 +0000
committer	jsing <>	2021-09-03 13:18:17 +0000
commit	149ab54a9d8d67404fd92901e45040db804e90d3 (patch)
tree	3f87dc96c4c8c1b2869704c12dde06d97654975d /src/lib
parent	0e1b29b0b5ebb370785e5e69e3b74e9affb817c2 (diff)
download	openbsd-149ab54a9d8d67404fd92901e45040db804e90d3.tar.gz openbsd-149ab54a9d8d67404fd92901e45040db804e90d3.tar.bz2 openbsd-149ab54a9d8d67404fd92901e45040db804e90d3.zip