author | jsing <> | 2014-12-06 13:28:56 +0000 |
---|---|---|
committer | jsing <> | 2014-12-06 13:28:56 +0000 |
commit | 737df48ca584850ed0b5d4bb60494b65386a5d5f (patch) | |
tree | 5fce824b85e133ceb0cb486d5da78f14b279ad0a /src | |
parent | 620adf8d12a202de54144b22b6ee4fa8c70e16bf (diff) | |
Ensure that the client specified EC curve list length is a multiple of two.
The EC curve handling code assumes this to be the case and will read one
byte off the end of the curve list during processing, in the case where it
is not.
ok miod@
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 5 | ||||
-rw-r--r-- | src/lib/libssl/t1_lib.c | 5 |
2 files changed, 6 insertions, 4 deletions
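--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.69 2014/12/06 13:21:14 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.70 2014/12/06 13:28:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1370,7 +1370,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 ellipticcurvelist_length += (*(sdata++));
 
 if (ellipticcurvelist_length != size - 2 ||
-ellipticcurvelist_length < 1) {
+ellipticcurvelist_length < 1 ||
+ellipticcurvelist_length % 2 != 0) {
 *al = TLS1_AD_DECODE_ERROR;
 return 0;
 }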
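Review bot: Both length bytes are read through `*(sdata++)` before the condition compares the result with `size - 2`, so the bound on `size` is applied only after the reads; the hunk does not show whether an earlier check already guarantees `size >= 2` for this extension. If it does not, a guard ahead of the reads, e.g. `if (size < 2) { *al = TLS1_AD_DECODE_ERROR; return 0; }`, would close the same class of short over-read that this commit addresses. With the parity test in place `ellipticcurvelist_length < 1` is effectively `< 2`, and a comment such as `/* each curve id is two bytes */` on the new line would record why the list must be even. The enclosing function starts and ends outside the hunk, and the same points apply to the identical change in src/lib/libssl/t1_lib.c.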
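--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.69 2014/12/06 13:21:14 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.70 2014/12/06 13:28:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1370,7 +1370,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 ellipticcurvelist_length += (*(sdata++));
 
 if (ellipticcurvelist_length != size - 2 ||
-ellipticcurvelist_length < 1) {
+ellipticcurvelist_length < 1 ||
+ellipticcurvelist_length % 2 != 0) {
 *al = TLS1_AD_DECODE_ERROR;
 return 0;
 }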