summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authormiod <>2014-07-11 22:57:25 +0000
committermiod <>2014-07-11 22:57:25 +0000
commitc95157e4b6c5e281cb496ef41f9969df25abef91 (patch)
treed76e443b574ed3f2bb44b4cd1fdacdba22613ea8 /src/lib
parent994822f5ed5b52cdb013f4acc6ea695367f1bd47 (diff)
downloadopenbsd-c95157e4b6c5e281cb496ef41f9969df25abef91.tar.gz
openbsd-c95157e4b6c5e281cb496ef41f9969df25abef91.tar.bz2
openbsd-c95157e4b6c5e281cb496ef41f9969df25abef91.zip
As reported by David Ramos, most consumer of ssl_get_message() perform late
bounds check, after reading the 2-, 3- or 4-byte size of the next chunk to process. But the size fields themselves are not checked for being entirely contained in the buffer. Since reading past your bounds is bad practice, and may not possible if you are using a secure memory allocator, we need to add the necessary bounds check, at the expense of some readability. As a bonus, a wrong size GOST session key will now trigger an error instead of a printf to stderr and it being handled as if it had the correct size. Creating this diff made my eyes bleed (in the real sense); reviewing it made guenther@'s and beck@'s eyes bleed too (in the literal sense). ok guenther@ beck@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/d1_clnt.c10
-rw-r--r--src/lib/libssl/s3_clnt.c85
-rw-r--r--src/lib/libssl/s3_srvr.c106
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c10
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c85
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c106
6 files changed, 296 insertions, 106 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 3f47a3854b..b85908c733 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.28 2014/07/11 09:24:44 beck Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.29 2014/07/11 22:57:25 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -879,6 +879,8 @@ dtls1_get_hello_verify(SSL *s)
879 return (1); 879 return (1);
880 } 880 }
881 881
882 if (2 > n)
883 goto truncated;
882 data = (unsigned char *)s->init_msg; 884 data = (unsigned char *)s->init_msg;
883 885
884 if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) { 886 if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) {
@@ -889,7 +891,11 @@ dtls1_get_hello_verify(SSL *s)
889 } 891 }
890 data += 2; 892 data += 2;
891 893
894 if (2 + 1 > n)
895 goto truncated;
892 cookie_len = *(data++); 896 cookie_len = *(data++);
897 if (2 + 1 + cookie_len > n)
898 goto truncated;
893 if (cookie_len > sizeof(s->d1->cookie)) { 899 if (cookie_len > sizeof(s->d1->cookie)) {
894 al = SSL_AD_ILLEGAL_PARAMETER; 900 al = SSL_AD_ILLEGAL_PARAMETER;
895 goto f_err; 901 goto f_err;
@@ -901,6 +907,8 @@ dtls1_get_hello_verify(SSL *s)
901 s->d1->send_cookie = 1; 907 s->d1->send_cookie = 1;
902 return 1; 908 return 1;
903 909
910truncated:
911 al = SSL_AD_DECODE_ERROR;
904f_err: 912f_err:
905 ssl3_send_alert(s, SSL3_AL_FATAL, al); 913 ssl3_send_alert(s, SSL3_AL_FATAL, al);
906 return -1; 914 return -1;
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 3596acf1de..884b9f1efb 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.77 2014/07/11 15:44:53 miod Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.78 2014/07/11 22:57:25 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -814,6 +814,8 @@ ssl3_get_server_hello(SSL *s)
814 814
815 d = p = (unsigned char *)s->init_msg; 815 d = p = (unsigned char *)s->init_msg;
816 816
817 if (2 > n)
818 goto truncated;
817 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { 819 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
818 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); 820 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
819 s->version = (s->version&0xff00) | p[1]; 821 s->version = (s->version&0xff00) | p[1];
@@ -823,6 +825,10 @@ ssl3_get_server_hello(SSL *s)
823 p += 2; 825 p += 2;
824 826
825 /* load the server hello data */ 827 /* load the server hello data */
828
829 if (p + SSL3_RANDOM_SIZE + 1 - d > n)
830 goto truncated;
831
826 /* load the server random */ 832 /* load the server random */
827 memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE); 833 memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
828 p += SSL3_RANDOM_SIZE; 834 p += SSL3_RANDOM_SIZE;
@@ -838,6 +844,9 @@ ssl3_get_server_hello(SSL *s)
838 goto f_err; 844 goto f_err;
839 } 845 }
840 846
847 if (p + j + 2 - d > n)
848 goto truncated;
849
841 /* 850 /*
842 * Check if we want to resume the session based on external 851 * Check if we want to resume the session based on external
843 * pre-shared secret 852 * pre-shared secret
@@ -935,6 +944,8 @@ ssl3_get_server_hello(SSL *s)
935 } 944 }
936 /* lets get the compression algorithm */ 945 /* lets get the compression algorithm */
937 /* COMPRESSION */ 946 /* COMPRESSION */
947 if (p + 1 - d > n)
948 goto truncated;
938 if (*(p++) != 0) { 949 if (*(p++) != 0) {
939 al = SSL_AD_ILLEGAL_PARAMETER; 950 al = SSL_AD_ILLEGAL_PARAMETER;
940 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 951 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
@@ -958,15 +969,15 @@ ssl3_get_server_hello(SSL *s)
958 } 969 }
959 } 970 }
960 971
961 if (p != (d + n)) { 972 if (p != d + n)
962 /* wrong packet length */ 973 goto truncated;
963 al = SSL_AD_DECODE_ERROR;
964 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
965 SSL_R_BAD_PACKET_LENGTH);
966 goto f_err;
967 }
968 974
969 return (1); 975 return (1);
976
977truncated:
978 /* wrong packet length */
979 al = SSL_AD_DECODE_ERROR;
980 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
970f_err: 981f_err:
971 ssl3_send_alert(s, SSL3_AL_FATAL, al); 982 ssl3_send_alert(s, SSL3_AL_FATAL, al);
972err: 983err:
@@ -1015,6 +1026,8 @@ ssl3_get_server_certificate(SSL *s)
1015 goto err; 1026 goto err;
1016 } 1027 }
1017 1028
1029 if (p + 3 - d > n)
1030 goto truncated;
1018 n2l3(p, llen); 1031 n2l3(p, llen);
1019 if (llen + 3 != n) { 1032 if (llen + 3 != n) {
1020 al = SSL_AD_DECODE_ERROR; 1033 al = SSL_AD_DECODE_ERROR;
@@ -1023,6 +1036,8 @@ ssl3_get_server_certificate(SSL *s)
1023 goto f_err; 1036 goto f_err;
1024 } 1037 }
1025 for (nc = 0; nc < llen; ) { 1038 for (nc = 0; nc < llen; ) {
1039 if (p + 3 - d > n)
1040 goto truncated;
1026 n2l3(p, l); 1041 n2l3(p, l);
1027 if ((l + nc + 3) > llen) { 1042 if ((l + nc + 3) > llen) {
1028 al = SSL_AD_DECODE_ERROR; 1043 al = SSL_AD_DECODE_ERROR;
@@ -1094,7 +1109,7 @@ ssl3_get_server_certificate(SSL *s)
1094 x = NULL; 1109 x = NULL;
1095 al = SSL3_AL_FATAL; 1110 al = SSL3_AL_FATAL;
1096 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1111 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1097 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); 1112 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1098 goto f_err; 1113 goto f_err;
1099 } 1114 }
1100 1115
@@ -1103,7 +1118,7 @@ ssl3_get_server_certificate(SSL *s)
1103 x = NULL; 1118 x = NULL;
1104 al = SSL3_AL_FATAL; 1119 al = SSL3_AL_FATAL;
1105 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1120 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1106 SSL_R_UNKNOWN_CERTIFICATE_TYPE); 1121 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1107 goto f_err; 1122 goto f_err;
1108 } 1123 }
1109 1124
@@ -1137,6 +1152,11 @@ ssl3_get_server_certificate(SSL *s)
1137 ret = 1; 1152 ret = 1;
1138 1153
1139 if (0) { 1154 if (0) {
1155truncated:
1156 /* wrong packet length */
1157 al = SSL_AD_DECODE_ERROR;
1158 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1159 SSL_R_BAD_PACKET_LENGTH);
1140f_err: 1160f_err:
1141 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1161 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1142 } 1162 }
@@ -1206,6 +1226,8 @@ ssl3_get_key_exchange(SSL *s)
1206 ERR_R_MALLOC_FAILURE); 1226 ERR_R_MALLOC_FAILURE);
1207 goto err; 1227 goto err;
1208 } 1228 }
1229 if (2 > n)
1230 goto truncated;
1209 n2s(p, i); 1231 n2s(p, i);
1210 param_len = i + 2; 1232 param_len = i + 2;
1211 if (param_len > n) { 1233 if (param_len > n) {
@@ -1221,6 +1243,8 @@ ssl3_get_key_exchange(SSL *s)
1221 } 1243 }
1222 p += i; 1244 p += i;
1223 1245
1246 if (param_len + 2 > n)
1247 goto truncated;
1224 n2s(p, i); 1248 n2s(p, i);
1225 param_len += i + 2; 1249 param_len += i + 2;
1226 if (param_len > n) { 1250 if (param_len > n) {
@@ -1258,6 +1282,8 @@ ssl3_get_key_exchange(SSL *s)
1258 ERR_R_DH_LIB); 1282 ERR_R_DH_LIB);
1259 goto err; 1283 goto err;
1260 } 1284 }
1285 if (2 > n)
1286 goto truncated;
1261 n2s(p, i); 1287 n2s(p, i);
1262 param_len = i + 2; 1288 param_len = i + 2;
1263 if (param_len > n) { 1289 if (param_len > n) {
@@ -1273,6 +1299,8 @@ ssl3_get_key_exchange(SSL *s)
1273 } 1299 }
1274 p += i; 1300 p += i;
1275 1301
1302 if (param_len + 2 > n)
1303 goto truncated;
1276 n2s(p, i); 1304 n2s(p, i);
1277 param_len += i + 2; 1305 param_len += i + 2;
1278 if (param_len > n) { 1306 if (param_len > n) {
@@ -1288,6 +1316,8 @@ ssl3_get_key_exchange(SSL *s)
1288 } 1316 }
1289 p += i; 1317 p += i;
1290 1318
1319 if (param_len + 2 > n)
1320 goto truncated;
1291 n2s(p, i); 1321 n2s(p, i);
1292 param_len += i + 2; 1322 param_len += i + 2;
1293 if (param_len > n) { 1323 if (param_len > n) {
@@ -1376,6 +1406,8 @@ ssl3_get_key_exchange(SSL *s)
1376 goto err; 1406 goto err;
1377 } 1407 }
1378 1408
1409 if (param_len + 1 > n)
1410 goto truncated;
1379 encoded_pt_len = *p; 1411 encoded_pt_len = *p;
1380 /* length of encoded point */ 1412 /* length of encoded point */
1381 p += 1; 1413 p += 1;
@@ -1435,6 +1467,8 @@ ssl3_get_key_exchange(SSL *s)
1435 * Check key type is consistent 1467 * Check key type is consistent
1436 * with signature 1468 * with signature
1437 */ 1469 */
1470 if (2 > n)
1471 goto truncated;
1438 if (sigalg != (int)p[1]) { 1472 if (sigalg != (int)p[1]) {
1439 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1473 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1440 SSL_R_WRONG_SIGNATURE_TYPE); 1474 SSL_R_WRONG_SIGNATURE_TYPE);
@@ -1453,11 +1487,13 @@ ssl3_get_key_exchange(SSL *s)
1453 } else 1487 } else
1454 md = EVP_sha1(); 1488 md = EVP_sha1();
1455 1489
1490 if (2 > n)
1491 goto truncated;
1456 n2s(p, i); 1492 n2s(p, i);
1457 n -= 2; 1493 n -= 2;
1458 j = EVP_PKEY_size(pkey); 1494 j = EVP_PKEY_size(pkey);
1459 1495
1460 if ((i != n) || (n > j) || (n <= 0)) { 1496 if (i != n || n > j) {
1461 /* wrong packet length */ 1497 /* wrong packet length */
1462 al = SSL_AD_DECODE_ERROR; 1498 al = SSL_AD_DECODE_ERROR;
1463 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1499 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1534,6 +1570,10 @@ ssl3_get_key_exchange(SSL *s)
1534 EVP_PKEY_free(pkey); 1570 EVP_PKEY_free(pkey);
1535 EVP_MD_CTX_cleanup(&md_ctx); 1571 EVP_MD_CTX_cleanup(&md_ctx);
1536 return (1); 1572 return (1);
1573truncated:
1574 /* wrong packet length */
1575 al = SSL_AD_DECODE_ERROR;
1576 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
1537f_err: 1577f_err:
1538 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1578 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1539err: 1579err:
@@ -1606,13 +1646,26 @@ ssl3_get_certificate_request(SSL *s)
1606 } 1646 }
1607 1647
1608 /* get the certificate types */ 1648 /* get the certificate types */
1649 if (1 > n)
1650 goto truncated;
1609 ctype_num= *(p++); 1651 ctype_num= *(p++);
1610 if (ctype_num > SSL3_CT_NUMBER) 1652 if (ctype_num > SSL3_CT_NUMBER)
1611 ctype_num = SSL3_CT_NUMBER; 1653 ctype_num = SSL3_CT_NUMBER;
1654 if (p + ctype_num - d > n) {
1655 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1656 SSL_R_DATA_LENGTH_TOO_LONG);
1657 goto err;
1658 }
1659
1612 for (i = 0; i < ctype_num; i++) 1660 for (i = 0; i < ctype_num; i++)
1613 s->s3->tmp.ctype[i] = p[i]; 1661 s->s3->tmp.ctype[i] = p[i];
1614 p += ctype_num; 1662 p += ctype_num;
1615 if (SSL_USE_SIGALGS(s)) { 1663 if (SSL_USE_SIGALGS(s)) {
1664 if (p + 2 - d > n) {
1665 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1666 SSL_R_DATA_LENGTH_TOO_LONG);
1667 goto err;
1668 }
1616 n2s(p, llen); 1669 n2s(p, llen);
1617 /* Check we have enough room for signature algorithms and 1670 /* Check we have enough room for signature algorithms and
1618 * following length value. 1671 * following length value.
@@ -1633,6 +1686,11 @@ ssl3_get_certificate_request(SSL *s)
1633 } 1686 }
1634 1687
1635 /* get the CA RDNs */ 1688 /* get the CA RDNs */
1689 if (p + 2 - d > n) {
1690 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1691 SSL_R_DATA_LENGTH_TOO_LONG);
1692 goto err;
1693 }
1636 n2s(p, llen); 1694 n2s(p, llen);
1637 1695
1638 if ((unsigned long)(p - d + llen) != n) { 1696 if ((unsigned long)(p - d + llen) != n) {
@@ -1698,6 +1756,11 @@ cont:
1698 ca_sk = NULL; 1756 ca_sk = NULL;
1699 1757
1700 ret = 1; 1758 ret = 1;
1759 if (0) {
1760truncated:
1761 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1762 SSL_R_BAD_PACKET_LENGTH);
1763 }
1701err: 1764err:
1702 if (ca_sk != NULL) 1765 if (ca_sk != NULL)
1703 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); 1766 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 66a4552237..89325b7be9 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.74 2014/07/11 15:18:52 miod Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.75 2014/07/11 22:57:25 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -894,18 +894,17 @@ ssl3_get_client_hello(SSL *s)
894 s->state = SSL3_ST_SR_CLNT_HELLO_B; 894 s->state = SSL3_ST_SR_CLNT_HELLO_B;
895 } 895 }
896 s->first_packet = 1; 896 s->first_packet = 1;
897 n = s->method->ssl_get_message(s, 897 n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
898 SSL3_ST_SR_CLNT_HELLO_B, 898 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
899 SSL3_ST_SR_CLNT_HELLO_C, 899 SSL3_RT_MAX_PLAIN_LENGTH, &ok);
900 SSL3_MT_CLIENT_HELLO,
901 SSL3_RT_MAX_PLAIN_LENGTH,
902 &ok);
903 900
904 if (!ok) 901 if (!ok)
905 return ((int)n); 902 return ((int)n);
906 s->first_packet = 0; 903 s->first_packet = 0;
907 d = p=(unsigned char *)s->init_msg; 904 d = p = (unsigned char *)s->init_msg;
908 905
906 if (2 > n)
907 goto truncated;
909 /* 908 /*
910 * Use version from inside client hello, not from record header. 909 * Use version from inside client hello, not from record header.
911 * (may differ: see RFC 2246, Appendix E, second paragraph) 910 * (may differ: see RFC 2246, Appendix E, second paragraph)
@@ -944,12 +943,17 @@ ssl3_get_client_hello(SSL *s)
944 return (1); 943 return (1);
945 } 944 }
946 945
946 if (p + SSL3_RANDOM_SIZE + 1 - d > n)
947 goto truncated;
948
947 /* load the client random */ 949 /* load the client random */
948 memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE); 950 memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
949 p += SSL3_RANDOM_SIZE; 951 p += SSL3_RANDOM_SIZE;
950 952
951 /* get the session-id */ 953 /* get the session-id */
952 j= *(p++); 954 j= *(p++);
955 if (p + j - d > n)
956 goto truncated;
953 957
954 s->hit = 0; 958 s->hit = 0;
955 /* 959 /*
@@ -988,6 +992,8 @@ ssl3_get_client_hello(SSL *s)
988 992
989 if (SSL_IS_DTLS(s)) { 993 if (SSL_IS_DTLS(s)) {
990 /* cookie stuff */ 994 /* cookie stuff */
995 if (p + 1 - d > n)
996 goto truncated;
991 cookie_len = *(p++); 997 cookie_len = *(p++);
992 998
993 /* 999 /*
@@ -1003,6 +1009,9 @@ ssl3_get_client_hello(SSL *s)
1003 goto f_err; 1009 goto f_err;
1004 } 1010 }
1005 1011
1012 if (p + cookie_len - d > n)
1013 goto truncated;
1014
1006 /* verify the cookie if appropriate option is set. */ 1015 /* verify the cookie if appropriate option is set. */
1007 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && 1016 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
1008 cookie_len > 0) { 1017 cookie_len > 0) {
@@ -1032,6 +1041,8 @@ ssl3_get_client_hello(SSL *s)
1032 p += cookie_len; 1041 p += cookie_len;
1033 } 1042 }
1034 1043
1044 if (p + 2 - d > n)
1045 goto truncated;
1035 n2s(p, i); 1046 n2s(p, i);
1036 if ((i == 0) && (j != 0)) { 1047 if ((i == 0) && (j != 0)) {
1037 /* we need a cipher if we are not resuming a session */ 1048 /* we need a cipher if we are not resuming a session */
@@ -1040,13 +1051,8 @@ ssl3_get_client_hello(SSL *s)
1040 SSL_R_NO_CIPHERS_SPECIFIED); 1051 SSL_R_NO_CIPHERS_SPECIFIED);
1041 goto f_err; 1052 goto f_err;
1042 } 1053 }
1043 if ((p + i) >= (d + n)) { 1054 if (p + i - d > n)
1044 /* not enough data */ 1055 goto truncated;
1045 al = SSL_AD_DECODE_ERROR;
1046 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1047 SSL_R_LENGTH_MISMATCH);
1048 goto f_err;
1049 }
1050 if ((i > 0) && 1056 if ((i > 0) &&
1051 (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) { 1057 (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) {
1052 goto err; 1058 goto err;
@@ -1078,14 +1084,11 @@ ssl3_get_client_hello(SSL *s)
1078 } 1084 }
1079 1085
1080 /* compression */ 1086 /* compression */
1087 if (p + 1 - d > n)
1088 goto truncated;
1081 i= *(p++); 1089 i= *(p++);
1082 if ((p + i) > (d + n)) { 1090 if (p + i - d > n)
1083 /* not enough data */ 1091 goto truncated;
1084 al = SSL_AD_DECODE_ERROR;
1085 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1086 SSL_R_LENGTH_MISMATCH);
1087 goto f_err;
1088 }
1089 for (j = 0; j < i; j++) { 1092 for (j = 0; j < i; j++) {
1090 if (p[j] == 0) 1093 if (p[j] == 0)
1091 break; 1094 break;
@@ -1247,6 +1250,9 @@ ssl3_get_client_hello(SSL *s)
1247 if (ret < 0) 1250 if (ret < 0)
1248 ret = 1; 1251 ret = 1;
1249 if (0) { 1252 if (0) {
1253truncated:
1254 al = SSL_AD_DECODE_ERROR;
1255 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_BAD_PACKET_LENGTH);
1250f_err: 1256f_err:
1251 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1257 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1252 } 1258 }
@@ -1847,7 +1853,7 @@ ssl3_get_client_key_exchange(SSL *s)
1847 int i, al, ok; 1853 int i, al, ok;
1848 long n; 1854 long n;
1849 unsigned long alg_k; 1855 unsigned long alg_k;
1850 unsigned char *p; 1856 unsigned char *d, *p;
1851 RSA *rsa = NULL; 1857 RSA *rsa = NULL;
1852 EVP_PKEY *pkey = NULL; 1858 EVP_PKEY *pkey = NULL;
1853 BIGNUM *pub = NULL; 1859 BIGNUM *pub = NULL;
@@ -1863,7 +1869,7 @@ ssl3_get_client_key_exchange(SSL *s)
1863 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok); 1869 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
1864 if (!ok) 1870 if (!ok)
1865 return ((int)n); 1871 return ((int)n);
1866 p = (unsigned char *)s->init_msg; 1872 d = p = (unsigned char *)s->init_msg;
1867 1873
1868 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1874 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1869 1875
@@ -1897,6 +1903,8 @@ ssl3_get_client_key_exchange(SSL *s)
1897 1903
1898 /* TLS and [incidentally] DTLS{0xFEFF} */ 1904 /* TLS and [incidentally] DTLS{0xFEFF} */
1899 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) { 1905 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
1906 if (2 > n)
1907 goto truncated;
1900 n2s(p, i); 1908 n2s(p, i);
1901 if (n != i + 2) { 1909 if (n != i + 2) {
1902 if (!(s->options & SSL_OP_TLS_D5_BUG)) { 1910 if (!(s->options & SSL_OP_TLS_D5_BUG)) {
@@ -1919,6 +1927,8 @@ ssl3_get_client_key_exchange(SSL *s)
1919 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ 1927 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
1920 } 1928 }
1921 1929
1930 if (p + 2 - d > n) /* needed in the SSL3 case */
1931 goto truncated;
1922 if ((al == -1) && !((p[0] == (s->client_version >> 8)) && 1932 if ((al == -1) && !((p[0] == (s->client_version >> 8)) &&
1923 (p[1] == (s->client_version & 0xff)))) { 1933 (p[1] == (s->client_version & 0xff)))) {
1924 /* 1934 /*
@@ -1975,6 +1985,8 @@ ssl3_get_client_key_exchange(SSL *s)
1975 OPENSSL_cleanse(p, i); 1985 OPENSSL_cleanse(p, i);
1976 } else 1986 } else
1977 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 1987 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
1988 if (2 > n)
1989 goto truncated;
1978 n2s(p, i); 1990 n2s(p, i);
1979 if (n != i + 2) { 1991 if (n != i + 2) {
1980 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { 1992 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
@@ -2206,6 +2218,8 @@ ssl3_get_client_key_exchange(SSL *s)
2206 client_pub_pkey) <= 0) 2218 client_pub_pkey) <= 0)
2207 ERR_clear_error(); 2219 ERR_clear_error();
2208 } 2220 }
2221 if (2 > n)
2222 goto truncated;
2209 /* Decrypt session key */ 2223 /* Decrypt session key */
2210 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, 2224 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag,
2211 &Tclass, n) != V_ASN1_CONSTRUCTED || 2225 &Tclass, n) != V_ASN1_CONSTRUCTED ||
@@ -2242,11 +2256,14 @@ gerr:
2242 } else { 2256 } else {
2243 al = SSL_AD_HANDSHAKE_FAILURE; 2257 al = SSL_AD_HANDSHAKE_FAILURE;
2244 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2258 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2245 SSL_R_UNKNOWN_CIPHER_TYPE); 2259 SSL_R_UNKNOWN_CIPHER_TYPE);
2246 goto f_err; 2260 goto f_err;
2247 } 2261 }
2248 2262
2249 return (1); 2263 return (1);
2264truncated:
2265 al = SSL_AD_DECODE_ERROR;
2266 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
2250f_err: 2267f_err:
2251 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2268 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2252err: 2269err:
@@ -2338,6 +2355,8 @@ ssl3_get_cert_verify(SSL *s)
2338 al = SSL_AD_INTERNAL_ERROR; 2355 al = SSL_AD_INTERNAL_ERROR;
2339 goto f_err; 2356 goto f_err;
2340 } 2357 }
2358 if (2 > n)
2359 goto truncated;
2341 /* Check key type is consistent with signature */ 2360 /* Check key type is consistent with signature */
2342 if (sigalg != (int)p[1]) { 2361 if (sigalg != (int)p[1]) {
2343 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2362 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
@@ -2355,14 +2374,12 @@ ssl3_get_cert_verify(SSL *s)
2355 p += 2; 2374 p += 2;
2356 n -= 2; 2375 n -= 2;
2357 } 2376 }
2377 if (2 > n)
2378 goto truncated;
2358 n2s(p, i); 2379 n2s(p, i);
2359 n -= 2; 2380 n -= 2;
2360 if (i > n) { 2381 if (i > n)
2361 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2382 goto truncated;
2362 SSL_R_LENGTH_MISMATCH);
2363 al = SSL_AD_DECODE_ERROR;
2364 goto f_err;
2365 }
2366 } 2383 }
2367 j = EVP_PKEY_size(pkey); 2384 j = EVP_PKEY_size(pkey);
2368 if ((i > j) || (n > j) || (n <= 0)) { 2385 if ((i > j) || (n > j) || (n <= 0)) {
@@ -2445,7 +2462,10 @@ ssl3_get_cert_verify(SSL *s)
2445 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); 2462 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
2446 EVP_PKEY_verify_init(pctx); 2463 EVP_PKEY_verify_init(pctx);
2447 if (i != 64) { 2464 if (i != 64) {
2448 fprintf(stderr, "GOST signature length is %d", i); 2465 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2466 SSL_R_WRONG_SIGNATURE_SIZE);
2467 al = SSL_AD_DECODE_ERROR;
2468 goto f_err;
2449 } 2469 }
2450 for (idx = 0; idx < 64; idx++) { 2470 for (idx = 0; idx < 64; idx++) {
2451 signature[63 - idx] = p[idx]; 2471 signature[63 - idx] = p[idx];
@@ -2469,6 +2489,9 @@ ssl3_get_cert_verify(SSL *s)
2469 2489
2470 ret = 1; 2490 ret = 1;
2471 if (0) { 2491 if (0) {
2492truncated:
2493 al = SSL_AD_DECODE_ERROR;
2494 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_PACKET_LENGTH);
2472f_err: 2495f_err:
2473 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2496 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2474 } 2497 }
@@ -2490,7 +2513,6 @@ ssl3_get_client_certificate(SSL *s)
2490 X509 *x = NULL; 2513 X509 *x = NULL;
2491 unsigned long l, nc, llen, n; 2514 unsigned long l, nc, llen, n;
2492 const unsigned char *p, *q; 2515 const unsigned char *p, *q;
2493 unsigned char *d;
2494 STACK_OF(X509) *sk = NULL; 2516 STACK_OF(X509) *sk = NULL;
2495 2517
2496 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, 2518 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
@@ -2528,7 +2550,7 @@ ssl3_get_client_certificate(SSL *s)
2528 SSL_R_WRONG_MESSAGE_TYPE); 2550 SSL_R_WRONG_MESSAGE_TYPE);
2529 goto f_err; 2551 goto f_err;
2530 } 2552 }
2531 p = d = (unsigned char *)s->init_msg; 2553 p = (const unsigned char *)s->init_msg;
2532 2554
2533 if ((sk = sk_X509_new_null()) == NULL) { 2555 if ((sk = sk_X509_new_null()) == NULL) {
2534 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2556 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2536,16 +2558,14 @@ ssl3_get_client_certificate(SSL *s)
2536 goto err; 2558 goto err;
2537 } 2559 }
2538 2560
2561 if (3 > n)
2562 goto truncated;
2539 n2l3(p, llen); 2563 n2l3(p, llen);
2540 if (llen + 3 != n) { 2564 if (llen + 3 != n)
2541 al = SSL_AD_DECODE_ERROR; 2565 goto truncated;
2542 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2543 SSL_R_LENGTH_MISMATCH);
2544 goto f_err;
2545 }
2546 for (nc = 0; nc < llen;) { 2566 for (nc = 0; nc < llen;) {
2547 n2l3(p, l); 2567 n2l3(p, l);
2548 if ((l + nc + 3) > llen) { 2568 if (l + nc + 3 > llen) {
2549 al = SSL_AD_DECODE_ERROR; 2569 al = SSL_AD_DECODE_ERROR;
2550 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2570 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2551 SSL_R_CERT_LENGTH_MISMATCH); 2571 SSL_R_CERT_LENGTH_MISMATCH);
@@ -2635,6 +2655,10 @@ ssl3_get_client_certificate(SSL *s)
2635 2655
2636 ret = 1; 2656 ret = 1;
2637 if (0) { 2657 if (0) {
2658truncated:
2659 al = SSL_AD_DECODE_ERROR;
2660 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2661 SSL_R_BAD_PACKET_LENGTH);
2638f_err: 2662f_err:
2639 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2663 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2640 } 2664 }
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 3f47a3854b..b85908c733 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.28 2014/07/11 09:24:44 beck Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.29 2014/07/11 22:57:25 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -879,6 +879,8 @@ dtls1_get_hello_verify(SSL *s)
879 return (1); 879 return (1);
880 } 880 }
881 881
882 if (2 > n)
883 goto truncated;
882 data = (unsigned char *)s->init_msg; 884 data = (unsigned char *)s->init_msg;
883 885
884 if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) { 886 if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) {
@@ -889,7 +891,11 @@ dtls1_get_hello_verify(SSL *s)
889 } 891 }
890 data += 2; 892 data += 2;
891 893
894 if (2 + 1 > n)
895 goto truncated;
892 cookie_len = *(data++); 896 cookie_len = *(data++);
897 if (2 + 1 + cookie_len > n)
898 goto truncated;
893 if (cookie_len > sizeof(s->d1->cookie)) { 899 if (cookie_len > sizeof(s->d1->cookie)) {
894 al = SSL_AD_ILLEGAL_PARAMETER; 900 al = SSL_AD_ILLEGAL_PARAMETER;
895 goto f_err; 901 goto f_err;
@@ -901,6 +907,8 @@ dtls1_get_hello_verify(SSL *s)
901 s->d1->send_cookie = 1; 907 s->d1->send_cookie = 1;
902 return 1; 908 return 1;
903 909
910truncated:
911 al = SSL_AD_DECODE_ERROR;
904f_err: 912f_err:
905 ssl3_send_alert(s, SSL3_AL_FATAL, al); 913 ssl3_send_alert(s, SSL3_AL_FATAL, al);
906 return -1; 914 return -1;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 3596acf1de..884b9f1efb 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.77 2014/07/11 15:44:53 miod Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.78 2014/07/11 22:57:25 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -814,6 +814,8 @@ ssl3_get_server_hello(SSL *s)
814 814
815 d = p = (unsigned char *)s->init_msg; 815 d = p = (unsigned char *)s->init_msg;
816 816
817 if (2 > n)
818 goto truncated;
817 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { 819 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
818 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); 820 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
819 s->version = (s->version&0xff00) | p[1]; 821 s->version = (s->version&0xff00) | p[1];
@@ -823,6 +825,10 @@ ssl3_get_server_hello(SSL *s)
823 p += 2; 825 p += 2;
824 826
825 /* load the server hello data */ 827 /* load the server hello data */
828
829 if (p + SSL3_RANDOM_SIZE + 1 - d > n)
830 goto truncated;
831
826 /* load the server random */ 832 /* load the server random */
827 memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE); 833 memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
828 p += SSL3_RANDOM_SIZE; 834 p += SSL3_RANDOM_SIZE;
@@ -838,6 +844,9 @@ ssl3_get_server_hello(SSL *s)
838 goto f_err; 844 goto f_err;
839 } 845 }
840 846
847 if (p + j + 2 - d > n)
848 goto truncated;
849
841 /* 850 /*
842 * Check if we want to resume the session based on external 851 * Check if we want to resume the session based on external
843 * pre-shared secret 852 * pre-shared secret
@@ -935,6 +944,8 @@ ssl3_get_server_hello(SSL *s)
935 } 944 }
936 /* lets get the compression algorithm */ 945 /* lets get the compression algorithm */
937 /* COMPRESSION */ 946 /* COMPRESSION */
947 if (p + 1 - d > n)
948 goto truncated;
938 if (*(p++) != 0) { 949 if (*(p++) != 0) {
939 al = SSL_AD_ILLEGAL_PARAMETER; 950 al = SSL_AD_ILLEGAL_PARAMETER;
940 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 951 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
@@ -958,15 +969,15 @@ ssl3_get_server_hello(SSL *s)
958 } 969 }
959 } 970 }
960 971
961 if (p != (d + n)) { 972 if (p != d + n)
962 /* wrong packet length */ 973 goto truncated;
963 al = SSL_AD_DECODE_ERROR;
964 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
965 SSL_R_BAD_PACKET_LENGTH);
966 goto f_err;
967 }
968 974
969 return (1); 975 return (1);
976
977truncated:
978 /* wrong packet length */
979 al = SSL_AD_DECODE_ERROR;
980 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
970f_err: 981f_err:
971 ssl3_send_alert(s, SSL3_AL_FATAL, al); 982 ssl3_send_alert(s, SSL3_AL_FATAL, al);
972err: 983err:
@@ -1015,6 +1026,8 @@ ssl3_get_server_certificate(SSL *s)
1015 goto err; 1026 goto err;
1016 } 1027 }
1017 1028
1029 if (p + 3 - d > n)
1030 goto truncated;
1018 n2l3(p, llen); 1031 n2l3(p, llen);
1019 if (llen + 3 != n) { 1032 if (llen + 3 != n) {
1020 al = SSL_AD_DECODE_ERROR; 1033 al = SSL_AD_DECODE_ERROR;
@@ -1023,6 +1036,8 @@ ssl3_get_server_certificate(SSL *s)
1023 goto f_err; 1036 goto f_err;
1024 } 1037 }
1025 for (nc = 0; nc < llen; ) { 1038 for (nc = 0; nc < llen; ) {
1039 if (p + 3 - d > n)
1040 goto truncated;
1026 n2l3(p, l); 1041 n2l3(p, l);
1027 if ((l + nc + 3) > llen) { 1042 if ((l + nc + 3) > llen) {
1028 al = SSL_AD_DECODE_ERROR; 1043 al = SSL_AD_DECODE_ERROR;
@@ -1094,7 +1109,7 @@ ssl3_get_server_certificate(SSL *s)
1094 x = NULL; 1109 x = NULL;
1095 al = SSL3_AL_FATAL; 1110 al = SSL3_AL_FATAL;
1096 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1111 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1097 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); 1112 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1098 goto f_err; 1113 goto f_err;
1099 } 1114 }
1100 1115
@@ -1103,7 +1118,7 @@ ssl3_get_server_certificate(SSL *s)
1103 x = NULL; 1118 x = NULL;
1104 al = SSL3_AL_FATAL; 1119 al = SSL3_AL_FATAL;
1105 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1120 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1106 SSL_R_UNKNOWN_CERTIFICATE_TYPE); 1121 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1107 goto f_err; 1122 goto f_err;
1108 } 1123 }
1109 1124
@@ -1137,6 +1152,11 @@ ssl3_get_server_certificate(SSL *s)
1137 ret = 1; 1152 ret = 1;
1138 1153
1139 if (0) { 1154 if (0) {
1155truncated:
1156 /* wrong packet length */
1157 al = SSL_AD_DECODE_ERROR;
1158 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1159 SSL_R_BAD_PACKET_LENGTH);
1140f_err: 1160f_err:
1141 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1161 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1142 } 1162 }
@@ -1206,6 +1226,8 @@ ssl3_get_key_exchange(SSL *s)
1206 ERR_R_MALLOC_FAILURE); 1226 ERR_R_MALLOC_FAILURE);
1207 goto err; 1227 goto err;
1208 } 1228 }
1229 if (2 > n)
1230 goto truncated;
1209 n2s(p, i); 1231 n2s(p, i);
1210 param_len = i + 2; 1232 param_len = i + 2;
1211 if (param_len > n) { 1233 if (param_len > n) {
@@ -1221,6 +1243,8 @@ ssl3_get_key_exchange(SSL *s)
1221 } 1243 }
1222 p += i; 1244 p += i;
1223 1245
1246 if (param_len + 2 > n)
1247 goto truncated;
1224 n2s(p, i); 1248 n2s(p, i);
1225 param_len += i + 2; 1249 param_len += i + 2;
1226 if (param_len > n) { 1250 if (param_len > n) {
@@ -1258,6 +1282,8 @@ ssl3_get_key_exchange(SSL *s)
1258 ERR_R_DH_LIB); 1282 ERR_R_DH_LIB);
1259 goto err; 1283 goto err;
1260 } 1284 }
1285 if (2 > n)
1286 goto truncated;
1261 n2s(p, i); 1287 n2s(p, i);
1262 param_len = i + 2; 1288 param_len = i + 2;
1263 if (param_len > n) { 1289 if (param_len > n) {
@@ -1273,6 +1299,8 @@ ssl3_get_key_exchange(SSL *s)
1273 } 1299 }
1274 p += i; 1300 p += i;
1275 1301
1302 if (param_len + 2 > n)
1303 goto truncated;
1276 n2s(p, i); 1304 n2s(p, i);
1277 param_len += i + 2; 1305 param_len += i + 2;
1278 if (param_len > n) { 1306 if (param_len > n) {
@@ -1288,6 +1316,8 @@ ssl3_get_key_exchange(SSL *s)
1288 } 1316 }
1289 p += i; 1317 p += i;
1290 1318
1319 if (param_len + 2 > n)
1320 goto truncated;
1291 n2s(p, i); 1321 n2s(p, i);
1292 param_len += i + 2; 1322 param_len += i + 2;
1293 if (param_len > n) { 1323 if (param_len > n) {
@@ -1376,6 +1406,8 @@ ssl3_get_key_exchange(SSL *s)
1376 goto err; 1406 goto err;
1377 } 1407 }
1378 1408
1409 if (param_len + 1 > n)
1410 goto truncated;
1379 encoded_pt_len = *p; 1411 encoded_pt_len = *p;
1380 /* length of encoded point */ 1412 /* length of encoded point */
1381 p += 1; 1413 p += 1;
@@ -1435,6 +1467,8 @@ ssl3_get_key_exchange(SSL *s)
1435 * Check key type is consistent 1467 * Check key type is consistent
1436 * with signature 1468 * with signature
1437 */ 1469 */
1470 if (2 > n)
1471 goto truncated;
1438 if (sigalg != (int)p[1]) { 1472 if (sigalg != (int)p[1]) {
1439 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1473 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1440 SSL_R_WRONG_SIGNATURE_TYPE); 1474 SSL_R_WRONG_SIGNATURE_TYPE);
@@ -1453,11 +1487,13 @@ ssl3_get_key_exchange(SSL *s)
1453 } else 1487 } else
1454 md = EVP_sha1(); 1488 md = EVP_sha1();
1455 1489
1490 if (2 > n)
1491 goto truncated;
1456 n2s(p, i); 1492 n2s(p, i);
1457 n -= 2; 1493 n -= 2;
1458 j = EVP_PKEY_size(pkey); 1494 j = EVP_PKEY_size(pkey);
1459 1495
1460 if ((i != n) || (n > j) || (n <= 0)) { 1496 if (i != n || n > j) {
1461 /* wrong packet length */ 1497 /* wrong packet length */
1462 al = SSL_AD_DECODE_ERROR; 1498 al = SSL_AD_DECODE_ERROR;
1463 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1499 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1534,6 +1570,10 @@ ssl3_get_key_exchange(SSL *s)
1534 EVP_PKEY_free(pkey); 1570 EVP_PKEY_free(pkey);
1535 EVP_MD_CTX_cleanup(&md_ctx); 1571 EVP_MD_CTX_cleanup(&md_ctx);
1536 return (1); 1572 return (1);
1573truncated:
1574 /* wrong packet length */
1575 al = SSL_AD_DECODE_ERROR;
1576 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
1537f_err: 1577f_err:
1538 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1578 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1539err: 1579err:
@@ -1606,13 +1646,26 @@ ssl3_get_certificate_request(SSL *s)
1606 } 1646 }
1607 1647
1608 /* get the certificate types */ 1648 /* get the certificate types */
1649 if (1 > n)
1650 goto truncated;
1609 ctype_num= *(p++); 1651 ctype_num= *(p++);
1610 if (ctype_num > SSL3_CT_NUMBER) 1652 if (ctype_num > SSL3_CT_NUMBER)
1611 ctype_num = SSL3_CT_NUMBER; 1653 ctype_num = SSL3_CT_NUMBER;
1654 if (p + ctype_num - d > n) {
1655 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1656 SSL_R_DATA_LENGTH_TOO_LONG);
1657 goto err;
1658 }
1659
1612 for (i = 0; i < ctype_num; i++) 1660 for (i = 0; i < ctype_num; i++)
1613 s->s3->tmp.ctype[i] = p[i]; 1661 s->s3->tmp.ctype[i] = p[i];
1614 p += ctype_num; 1662 p += ctype_num;
1615 if (SSL_USE_SIGALGS(s)) { 1663 if (SSL_USE_SIGALGS(s)) {
1664 if (p + 2 - d > n) {
1665 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1666 SSL_R_DATA_LENGTH_TOO_LONG);
1667 goto err;
1668 }
1616 n2s(p, llen); 1669 n2s(p, llen);
1617 /* Check we have enough room for signature algorithms and 1670 /* Check we have enough room for signature algorithms and
1618 * following length value. 1671 * following length value.
@@ -1633,6 +1686,11 @@ ssl3_get_certificate_request(SSL *s)
1633 } 1686 }
1634 1687
1635 /* get the CA RDNs */ 1688 /* get the CA RDNs */
1689 if (p + 2 - d > n) {
1690 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1691 SSL_R_DATA_LENGTH_TOO_LONG);
1692 goto err;
1693 }
1636 n2s(p, llen); 1694 n2s(p, llen);
1637 1695
1638 if ((unsigned long)(p - d + llen) != n) { 1696 if ((unsigned long)(p - d + llen) != n) {
@@ -1698,6 +1756,11 @@ cont:
1698 ca_sk = NULL; 1756 ca_sk = NULL;
1699 1757
1700 ret = 1; 1758 ret = 1;
1759 if (0) {
1760truncated:
1761 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1762 SSL_R_BAD_PACKET_LENGTH);
1763 }
1701err: 1764err:
1702 if (ca_sk != NULL) 1765 if (ca_sk != NULL)
1703 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); 1766 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 66a4552237..89325b7be9 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.74 2014/07/11 15:18:52 miod Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.75 2014/07/11 22:57:25 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -894,18 +894,17 @@ ssl3_get_client_hello(SSL *s)
894 s->state = SSL3_ST_SR_CLNT_HELLO_B; 894 s->state = SSL3_ST_SR_CLNT_HELLO_B;
895 } 895 }
896 s->first_packet = 1; 896 s->first_packet = 1;
897 n = s->method->ssl_get_message(s, 897 n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
898 SSL3_ST_SR_CLNT_HELLO_B, 898 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
899 SSL3_ST_SR_CLNT_HELLO_C, 899 SSL3_RT_MAX_PLAIN_LENGTH, &ok);
900 SSL3_MT_CLIENT_HELLO,
901 SSL3_RT_MAX_PLAIN_LENGTH,
902 &ok);
903 900
904 if (!ok) 901 if (!ok)
905 return ((int)n); 902 return ((int)n);
906 s->first_packet = 0; 903 s->first_packet = 0;
907 d = p=(unsigned char *)s->init_msg; 904 d = p = (unsigned char *)s->init_msg;
908 905
906 if (2 > n)
907 goto truncated;
909 /* 908 /*
910 * Use version from inside client hello, not from record header. 909 * Use version from inside client hello, not from record header.
911 * (may differ: see RFC 2246, Appendix E, second paragraph) 910 * (may differ: see RFC 2246, Appendix E, second paragraph)
@@ -944,12 +943,17 @@ ssl3_get_client_hello(SSL *s)
944 return (1); 943 return (1);
945 } 944 }
946 945
946 if (p + SSL3_RANDOM_SIZE + 1 - d > n)
947 goto truncated;
948
947 /* load the client random */ 949 /* load the client random */
948 memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE); 950 memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
949 p += SSL3_RANDOM_SIZE; 951 p += SSL3_RANDOM_SIZE;
950 952
951 /* get the session-id */ 953 /* get the session-id */
952 j= *(p++); 954 j= *(p++);
955 if (p + j - d > n)
956 goto truncated;
953 957
954 s->hit = 0; 958 s->hit = 0;
955 /* 959 /*
@@ -988,6 +992,8 @@ ssl3_get_client_hello(SSL *s)
988 992
989 if (SSL_IS_DTLS(s)) { 993 if (SSL_IS_DTLS(s)) {
990 /* cookie stuff */ 994 /* cookie stuff */
995 if (p + 1 - d > n)
996 goto truncated;
991 cookie_len = *(p++); 997 cookie_len = *(p++);
992 998
993 /* 999 /*
@@ -1003,6 +1009,9 @@ ssl3_get_client_hello(SSL *s)
1003 goto f_err; 1009 goto f_err;
1004 } 1010 }
1005 1011
1012 if (p + cookie_len - d > n)
1013 goto truncated;
1014
1006 /* verify the cookie if appropriate option is set. */ 1015 /* verify the cookie if appropriate option is set. */
1007 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && 1016 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
1008 cookie_len > 0) { 1017 cookie_len > 0) {
@@ -1032,6 +1041,8 @@ ssl3_get_client_hello(SSL *s)
1032 p += cookie_len; 1041 p += cookie_len;
1033 } 1042 }
1034 1043
1044 if (p + 2 - d > n)
1045 goto truncated;
1035 n2s(p, i); 1046 n2s(p, i);
1036 if ((i == 0) && (j != 0)) { 1047 if ((i == 0) && (j != 0)) {
1037 /* we need a cipher if we are not resuming a session */ 1048 /* we need a cipher if we are not resuming a session */
@@ -1040,13 +1051,8 @@ ssl3_get_client_hello(SSL *s)
1040 SSL_R_NO_CIPHERS_SPECIFIED); 1051 SSL_R_NO_CIPHERS_SPECIFIED);
1041 goto f_err; 1052 goto f_err;
1042 } 1053 }
1043 if ((p + i) >= (d + n)) { 1054 if (p + i - d > n)
1044 /* not enough data */ 1055 goto truncated;
1045 al = SSL_AD_DECODE_ERROR;
1046 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1047 SSL_R_LENGTH_MISMATCH);
1048 goto f_err;
1049 }
1050 if ((i > 0) && 1056 if ((i > 0) &&
1051 (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) { 1057 (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) {
1052 goto err; 1058 goto err;
@@ -1078,14 +1084,11 @@ ssl3_get_client_hello(SSL *s)
1078 } 1084 }
1079 1085
1080 /* compression */ 1086 /* compression */
1087 if (p + 1 - d > n)
1088 goto truncated;
1081 i= *(p++); 1089 i= *(p++);
1082 if ((p + i) > (d + n)) { 1090 if (p + i - d > n)
1083 /* not enough data */ 1091 goto truncated;
1084 al = SSL_AD_DECODE_ERROR;
1085 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1086 SSL_R_LENGTH_MISMATCH);
1087 goto f_err;
1088 }
1089 for (j = 0; j < i; j++) { 1092 for (j = 0; j < i; j++) {
1090 if (p[j] == 0) 1093 if (p[j] == 0)
1091 break; 1094 break;
@@ -1247,6 +1250,9 @@ ssl3_get_client_hello(SSL *s)
1247 if (ret < 0) 1250 if (ret < 0)
1248 ret = 1; 1251 ret = 1;
1249 if (0) { 1252 if (0) {
1253truncated:
1254 al = SSL_AD_DECODE_ERROR;
1255 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_BAD_PACKET_LENGTH);
1250f_err: 1256f_err:
1251 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1257 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1252 } 1258 }
@@ -1847,7 +1853,7 @@ ssl3_get_client_key_exchange(SSL *s)
1847 int i, al, ok; 1853 int i, al, ok;
1848 long n; 1854 long n;
1849 unsigned long alg_k; 1855 unsigned long alg_k;
1850 unsigned char *p; 1856 unsigned char *d, *p;
1851 RSA *rsa = NULL; 1857 RSA *rsa = NULL;
1852 EVP_PKEY *pkey = NULL; 1858 EVP_PKEY *pkey = NULL;
1853 BIGNUM *pub = NULL; 1859 BIGNUM *pub = NULL;
@@ -1863,7 +1869,7 @@ ssl3_get_client_key_exchange(SSL *s)
1863 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok); 1869 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
1864 if (!ok) 1870 if (!ok)
1865 return ((int)n); 1871 return ((int)n);
1866 p = (unsigned char *)s->init_msg; 1872 d = p = (unsigned char *)s->init_msg;
1867 1873
1868 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1874 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1869 1875
@@ -1897,6 +1903,8 @@ ssl3_get_client_key_exchange(SSL *s)
1897 1903
1898 /* TLS and [incidentally] DTLS{0xFEFF} */ 1904 /* TLS and [incidentally] DTLS{0xFEFF} */
1899 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) { 1905 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
1906 if (2 > n)
1907 goto truncated;
1900 n2s(p, i); 1908 n2s(p, i);
1901 if (n != i + 2) { 1909 if (n != i + 2) {
1902 if (!(s->options & SSL_OP_TLS_D5_BUG)) { 1910 if (!(s->options & SSL_OP_TLS_D5_BUG)) {
@@ -1919,6 +1927,8 @@ ssl3_get_client_key_exchange(SSL *s)
1919 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ 1927 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
1920 } 1928 }
1921 1929
1930 if (p + 2 - d > n) /* needed in the SSL3 case */
1931 goto truncated;
1922 if ((al == -1) && !((p[0] == (s->client_version >> 8)) && 1932 if ((al == -1) && !((p[0] == (s->client_version >> 8)) &&
1923 (p[1] == (s->client_version & 0xff)))) { 1933 (p[1] == (s->client_version & 0xff)))) {
1924 /* 1934 /*
@@ -1975,6 +1985,8 @@ ssl3_get_client_key_exchange(SSL *s)
1975 OPENSSL_cleanse(p, i); 1985 OPENSSL_cleanse(p, i);
1976 } else 1986 } else
1977 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 1987 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
1988 if (2 > n)
1989 goto truncated;
1978 n2s(p, i); 1990 n2s(p, i);
1979 if (n != i + 2) { 1991 if (n != i + 2) {
1980 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { 1992 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
@@ -2206,6 +2218,8 @@ ssl3_get_client_key_exchange(SSL *s)
2206 client_pub_pkey) <= 0) 2218 client_pub_pkey) <= 0)
2207 ERR_clear_error(); 2219 ERR_clear_error();
2208 } 2220 }
2221 if (2 > n)
2222 goto truncated;
2209 /* Decrypt session key */ 2223 /* Decrypt session key */
2210 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, 2224 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag,
2211 &Tclass, n) != V_ASN1_CONSTRUCTED || 2225 &Tclass, n) != V_ASN1_CONSTRUCTED ||
@@ -2242,11 +2256,14 @@ gerr:
2242 } else { 2256 } else {
2243 al = SSL_AD_HANDSHAKE_FAILURE; 2257 al = SSL_AD_HANDSHAKE_FAILURE;
2244 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2258 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2245 SSL_R_UNKNOWN_CIPHER_TYPE); 2259 SSL_R_UNKNOWN_CIPHER_TYPE);
2246 goto f_err; 2260 goto f_err;
2247 } 2261 }
2248 2262
2249 return (1); 2263 return (1);
2264truncated:
2265 al = SSL_AD_DECODE_ERROR;
2266 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
2250f_err: 2267f_err:
2251 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2268 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2252err: 2269err:
@@ -2338,6 +2355,8 @@ ssl3_get_cert_verify(SSL *s)
2338 al = SSL_AD_INTERNAL_ERROR; 2355 al = SSL_AD_INTERNAL_ERROR;
2339 goto f_err; 2356 goto f_err;
2340 } 2357 }
2358 if (2 > n)
2359 goto truncated;
2341 /* Check key type is consistent with signature */ 2360 /* Check key type is consistent with signature */
2342 if (sigalg != (int)p[1]) { 2361 if (sigalg != (int)p[1]) {
2343 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2362 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
@@ -2355,14 +2374,12 @@ ssl3_get_cert_verify(SSL *s)
2355 p += 2; 2374 p += 2;
2356 n -= 2; 2375 n -= 2;
2357 } 2376 }
2377 if (2 > n)
2378 goto truncated;
2358 n2s(p, i); 2379 n2s(p, i);
2359 n -= 2; 2380 n -= 2;
2360 if (i > n) { 2381 if (i > n)
2361 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2382 goto truncated;
2362 SSL_R_LENGTH_MISMATCH);
2363 al = SSL_AD_DECODE_ERROR;
2364 goto f_err;
2365 }
2366 } 2383 }
2367 j = EVP_PKEY_size(pkey); 2384 j = EVP_PKEY_size(pkey);
2368 if ((i > j) || (n > j) || (n <= 0)) { 2385 if ((i > j) || (n > j) || (n <= 0)) {
@@ -2445,7 +2462,10 @@ ssl3_get_cert_verify(SSL *s)
2445 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); 2462 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
2446 EVP_PKEY_verify_init(pctx); 2463 EVP_PKEY_verify_init(pctx);
2447 if (i != 64) { 2464 if (i != 64) {
2448 fprintf(stderr, "GOST signature length is %d", i); 2465 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2466 SSL_R_WRONG_SIGNATURE_SIZE);
2467 al = SSL_AD_DECODE_ERROR;
2468 goto f_err;
2449 } 2469 }
2450 for (idx = 0; idx < 64; idx++) { 2470 for (idx = 0; idx < 64; idx++) {
2451 signature[63 - idx] = p[idx]; 2471 signature[63 - idx] = p[idx];
@@ -2469,6 +2489,9 @@ ssl3_get_cert_verify(SSL *s)
2469 2489
2470 ret = 1; 2490 ret = 1;
2471 if (0) { 2491 if (0) {
2492truncated:
2493 al = SSL_AD_DECODE_ERROR;
2494 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_PACKET_LENGTH);
2472f_err: 2495f_err:
2473 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2496 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2474 } 2497 }
@@ -2490,7 +2513,6 @@ ssl3_get_client_certificate(SSL *s)
2490 X509 *x = NULL; 2513 X509 *x = NULL;
2491 unsigned long l, nc, llen, n; 2514 unsigned long l, nc, llen, n;
2492 const unsigned char *p, *q; 2515 const unsigned char *p, *q;
2493 unsigned char *d;
2494 STACK_OF(X509) *sk = NULL; 2516 STACK_OF(X509) *sk = NULL;
2495 2517
2496 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, 2518 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
@@ -2528,7 +2550,7 @@ ssl3_get_client_certificate(SSL *s)
2528 SSL_R_WRONG_MESSAGE_TYPE); 2550 SSL_R_WRONG_MESSAGE_TYPE);
2529 goto f_err; 2551 goto f_err;
2530 } 2552 }
2531 p = d = (unsigned char *)s->init_msg; 2553 p = (const unsigned char *)s->init_msg;
2532 2554
2533 if ((sk = sk_X509_new_null()) == NULL) { 2555 if ((sk = sk_X509_new_null()) == NULL) {
2534 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2556 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2536,16 +2558,14 @@ ssl3_get_client_certificate(SSL *s)
2536 goto err; 2558 goto err;
2537 } 2559 }
2538 2560
2561 if (3 > n)
2562 goto truncated;
2539 n2l3(p, llen); 2563 n2l3(p, llen);
2540 if (llen + 3 != n) { 2564 if (llen + 3 != n)
2541 al = SSL_AD_DECODE_ERROR; 2565 goto truncated;
2542 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2543 SSL_R_LENGTH_MISMATCH);
2544 goto f_err;
2545 }
2546 for (nc = 0; nc < llen;) { 2566 for (nc = 0; nc < llen;) {
2547 n2l3(p, l); 2567 n2l3(p, l);
2548 if ((l + nc + 3) > llen) { 2568 if (l + nc + 3 > llen) {
2549 al = SSL_AD_DECODE_ERROR; 2569 al = SSL_AD_DECODE_ERROR;
2550 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2570 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2551 SSL_R_CERT_LENGTH_MISMATCH); 2571 SSL_R_CERT_LENGTH_MISMATCH);
@@ -2635,6 +2655,10 @@ ssl3_get_client_certificate(SSL *s)
2635 2655
2636 ret = 1; 2656 ret = 1;
2637 if (0) { 2657 if (0) {
2658truncated:
2659 al = SSL_AD_DECODE_ERROR;
2660 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2661 SSL_R_BAD_PACKET_LENGTH);
2638f_err: 2662f_err:
2639 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2663 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2640 } 2664 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 11:24:03 +0000