If we fail to decode an EC point format extension, send a decode_error

alert rather than an internal_error alert.

Issue found by Simon Friedberger, Robert Merget and Juraj Somorovsky.

ok beck@ inoguchi@

1 files changed, 6 insertions, 4 deletions

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 3735b719db..b70be87f3a 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.21 2018/02/08 11:30:30 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.22 2018/05/12 17:27:22 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -333,14 +333,16 @@ tlsext_ecpf_parse(SSL *s, CBS *cbs, int *alert)
 
         if (!s->internal->hit) {
                 if (!CBS_stow(&ecpf, &(SSI(s)->tlsext_ecpointformatlist),
-                    &(SSI(s)->tlsext_ecpointformatlist_length)))
-                        goto err;
+                    &(SSI(s)->tlsext_ecpointformatlist_length))) {
+                        *alert = TLS1_AD_INTERNAL_ERROR;
+                        return 0;
+                }
         }
 
         return 1;
 
  err:
-        *alert = TLS1_AD_INTERNAL_ERROR;
+        *alert = SSL_AD_DECODE_ERROR;
         return 0;
 }