diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 85 |
1 files changed, 74 insertions, 11 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 3596acf1de..884b9f1efb 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.77 2014/07/11 15:44:53 miod Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.78 2014/07/11 22:57:25 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -814,6 +814,8 @@ ssl3_get_server_hello(SSL *s) | |||
| 814 | 814 | ||
| 815 | d = p = (unsigned char *)s->init_msg; | 815 | d = p = (unsigned char *)s->init_msg; |
| 816 | 816 | ||
| 817 | if (2 > n) | ||
| 818 | goto truncated; | ||
| 817 | if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { | 819 | if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { |
| 818 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); | 820 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); |
| 819 | s->version = (s->version&0xff00) | p[1]; | 821 | s->version = (s->version&0xff00) | p[1]; |
| @@ -823,6 +825,10 @@ ssl3_get_server_hello(SSL *s) | |||
| 823 | p += 2; | 825 | p += 2; |
| 824 | 826 | ||
| 825 | /* load the server hello data */ | 827 | /* load the server hello data */ |
| 828 | |||
| 829 | if (p + SSL3_RANDOM_SIZE + 1 - d > n) | ||
| 830 | goto truncated; | ||
| 831 | |||
| 826 | /* load the server random */ | 832 | /* load the server random */ |
| 827 | memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE); | 833 | memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE); |
| 828 | p += SSL3_RANDOM_SIZE; | 834 | p += SSL3_RANDOM_SIZE; |
| @@ -838,6 +844,9 @@ ssl3_get_server_hello(SSL *s) | |||
| 838 | goto f_err; | 844 | goto f_err; |
| 839 | } | 845 | } |
| 840 | 846 | ||
| 847 | if (p + j + 2 - d > n) | ||
| 848 | goto truncated; | ||
| 849 | |||
| 841 | /* | 850 | /* |
| 842 | * Check if we want to resume the session based on external | 851 | * Check if we want to resume the session based on external |
| 843 | * pre-shared secret | 852 | * pre-shared secret |
| @@ -935,6 +944,8 @@ ssl3_get_server_hello(SSL *s) | |||
| 935 | } | 944 | } |
| 936 | /* lets get the compression algorithm */ | 945 | /* lets get the compression algorithm */ |
| 937 | /* COMPRESSION */ | 946 | /* COMPRESSION */ |
| 947 | if (p + 1 - d > n) | ||
| 948 | goto truncated; | ||
| 938 | if (*(p++) != 0) { | 949 | if (*(p++) != 0) { |
| 939 | al = SSL_AD_ILLEGAL_PARAMETER; | 950 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 940 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | 951 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, |
| @@ -958,15 +969,15 @@ ssl3_get_server_hello(SSL *s) | |||
| 958 | } | 969 | } |
| 959 | } | 970 | } |
| 960 | 971 | ||
| 961 | if (p != (d + n)) { | 972 | if (p != d + n) |
| 962 | /* wrong packet length */ | 973 | goto truncated; |
| 963 | al = SSL_AD_DECODE_ERROR; | ||
| 964 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 965 | SSL_R_BAD_PACKET_LENGTH); | ||
| 966 | goto f_err; | ||
| 967 | } | ||
| 968 | 974 | ||
| 969 | return (1); | 975 | return (1); |
| 976 | |||
| 977 | truncated: | ||
| 978 | /* wrong packet length */ | ||
| 979 | al = SSL_AD_DECODE_ERROR; | ||
| 980 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH); | ||
| 970 | f_err: | 981 | f_err: |
| 971 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 982 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 972 | err: | 983 | err: |
| @@ -1015,6 +1026,8 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1015 | goto err; | 1026 | goto err; |
| 1016 | } | 1027 | } |
| 1017 | 1028 | ||
| 1029 | if (p + 3 - d > n) | ||
| 1030 | goto truncated; | ||
| 1018 | n2l3(p, llen); | 1031 | n2l3(p, llen); |
| 1019 | if (llen + 3 != n) { | 1032 | if (llen + 3 != n) { |
| 1020 | al = SSL_AD_DECODE_ERROR; | 1033 | al = SSL_AD_DECODE_ERROR; |
| @@ -1023,6 +1036,8 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1023 | goto f_err; | 1036 | goto f_err; |
| 1024 | } | 1037 | } |
| 1025 | for (nc = 0; nc < llen; ) { | 1038 | for (nc = 0; nc < llen; ) { |
| 1039 | if (p + 3 - d > n) | ||
| 1040 | goto truncated; | ||
| 1026 | n2l3(p, l); | 1041 | n2l3(p, l); |
| 1027 | if ((l + nc + 3) > llen) { | 1042 | if ((l + nc + 3) > llen) { |
| 1028 | al = SSL_AD_DECODE_ERROR; | 1043 | al = SSL_AD_DECODE_ERROR; |
| @@ -1094,7 +1109,7 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1094 | x = NULL; | 1109 | x = NULL; |
| 1095 | al = SSL3_AL_FATAL; | 1110 | al = SSL3_AL_FATAL; |
| 1096 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1111 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 1097 | SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); | 1112 | SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); |
| 1098 | goto f_err; | 1113 | goto f_err; |
| 1099 | } | 1114 | } |
| 1100 | 1115 | ||
| @@ -1103,7 +1118,7 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1103 | x = NULL; | 1118 | x = NULL; |
| 1104 | al = SSL3_AL_FATAL; | 1119 | al = SSL3_AL_FATAL; |
| 1105 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1120 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 1106 | SSL_R_UNKNOWN_CERTIFICATE_TYPE); | 1121 | SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
| 1107 | goto f_err; | 1122 | goto f_err; |
| 1108 | } | 1123 | } |
| 1109 | 1124 | ||
| @@ -1137,6 +1152,11 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1137 | ret = 1; | 1152 | ret = 1; |
| 1138 | 1153 | ||
| 1139 | if (0) { | 1154 | if (0) { |
| 1155 | truncated: | ||
| 1156 | /* wrong packet length */ | ||
| 1157 | al = SSL_AD_DECODE_ERROR; | ||
| 1158 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1159 | SSL_R_BAD_PACKET_LENGTH); | ||
| 1140 | f_err: | 1160 | f_err: |
| 1141 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1161 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1142 | } | 1162 | } |
| @@ -1206,6 +1226,8 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1206 | ERR_R_MALLOC_FAILURE); | 1226 | ERR_R_MALLOC_FAILURE); |
| 1207 | goto err; | 1227 | goto err; |
| 1208 | } | 1228 | } |
| 1229 | if (2 > n) | ||
| 1230 | goto truncated; | ||
| 1209 | n2s(p, i); | 1231 | n2s(p, i); |
| 1210 | param_len = i + 2; | 1232 | param_len = i + 2; |
| 1211 | if (param_len > n) { | 1233 | if (param_len > n) { |
| @@ -1221,6 +1243,8 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1221 | } | 1243 | } |
| 1222 | p += i; | 1244 | p += i; |
| 1223 | 1245 | ||
| 1246 | if (param_len + 2 > n) | ||
| 1247 | goto truncated; | ||
| 1224 | n2s(p, i); | 1248 | n2s(p, i); |
| 1225 | param_len += i + 2; | 1249 | param_len += i + 2; |
| 1226 | if (param_len > n) { | 1250 | if (param_len > n) { |
| @@ -1258,6 +1282,8 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1258 | ERR_R_DH_LIB); | 1282 | ERR_R_DH_LIB); |
| 1259 | goto err; | 1283 | goto err; |
| 1260 | } | 1284 | } |
| 1285 | if (2 > n) | ||
| 1286 | goto truncated; | ||
| 1261 | n2s(p, i); | 1287 | n2s(p, i); |
| 1262 | param_len = i + 2; | 1288 | param_len = i + 2; |
| 1263 | if (param_len > n) { | 1289 | if (param_len > n) { |
| @@ -1273,6 +1299,8 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1273 | } | 1299 | } |
| 1274 | p += i; | 1300 | p += i; |
| 1275 | 1301 | ||
| 1302 | if (param_len + 2 > n) | ||
| 1303 | goto truncated; | ||
| 1276 | n2s(p, i); | 1304 | n2s(p, i); |
| 1277 | param_len += i + 2; | 1305 | param_len += i + 2; |
| 1278 | if (param_len > n) { | 1306 | if (param_len > n) { |
| @@ -1288,6 +1316,8 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1288 | } | 1316 | } |
| 1289 | p += i; | 1317 | p += i; |
| 1290 | 1318 | ||
| 1319 | if (param_len + 2 > n) | ||
| 1320 | goto truncated; | ||
| 1291 | n2s(p, i); | 1321 | n2s(p, i); |
| 1292 | param_len += i + 2; | 1322 | param_len += i + 2; |
| 1293 | if (param_len > n) { | 1323 | if (param_len > n) { |
| @@ -1376,6 +1406,8 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1376 | goto err; | 1406 | goto err; |
| 1377 | } | 1407 | } |
| 1378 | 1408 | ||
| 1409 | if (param_len + 1 > n) | ||
| 1410 | goto truncated; | ||
| 1379 | encoded_pt_len = *p; | 1411 | encoded_pt_len = *p; |
| 1380 | /* length of encoded point */ | 1412 | /* length of encoded point */ |
| 1381 | p += 1; | 1413 | p += 1; |
| @@ -1435,6 +1467,8 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1435 | * Check key type is consistent | 1467 | * Check key type is consistent |
| 1436 | * with signature | 1468 | * with signature |
| 1437 | */ | 1469 | */ |
| 1470 | if (2 > n) | ||
| 1471 | goto truncated; | ||
| 1438 | if (sigalg != (int)p[1]) { | 1472 | if (sigalg != (int)p[1]) { |
| 1439 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | 1473 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, |
| 1440 | SSL_R_WRONG_SIGNATURE_TYPE); | 1474 | SSL_R_WRONG_SIGNATURE_TYPE); |
| @@ -1453,11 +1487,13 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1453 | } else | 1487 | } else |
| 1454 | md = EVP_sha1(); | 1488 | md = EVP_sha1(); |
| 1455 | 1489 | ||
| 1490 | if (2 > n) | ||
| 1491 | goto truncated; | ||
| 1456 | n2s(p, i); | 1492 | n2s(p, i); |
| 1457 | n -= 2; | 1493 | n -= 2; |
| 1458 | j = EVP_PKEY_size(pkey); | 1494 | j = EVP_PKEY_size(pkey); |
| 1459 | 1495 | ||
| 1460 | if ((i != n) || (n > j) || (n <= 0)) { | 1496 | if (i != n || n > j) { |
| 1461 | /* wrong packet length */ | 1497 | /* wrong packet length */ |
| 1462 | al = SSL_AD_DECODE_ERROR; | 1498 | al = SSL_AD_DECODE_ERROR; |
| 1463 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | 1499 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, |
| @@ -1534,6 +1570,10 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1534 | EVP_PKEY_free(pkey); | 1570 | EVP_PKEY_free(pkey); |
| 1535 | EVP_MD_CTX_cleanup(&md_ctx); | 1571 | EVP_MD_CTX_cleanup(&md_ctx); |
| 1536 | return (1); | 1572 | return (1); |
| 1573 | truncated: | ||
| 1574 | /* wrong packet length */ | ||
| 1575 | al = SSL_AD_DECODE_ERROR; | ||
| 1576 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); | ||
| 1537 | f_err: | 1577 | f_err: |
| 1538 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1578 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1539 | err: | 1579 | err: |
| @@ -1606,13 +1646,26 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1606 | } | 1646 | } |
| 1607 | 1647 | ||
| 1608 | /* get the certificate types */ | 1648 | /* get the certificate types */ |
| 1649 | if (1 > n) | ||
| 1650 | goto truncated; | ||
| 1609 | ctype_num= *(p++); | 1651 | ctype_num= *(p++); |
| 1610 | if (ctype_num > SSL3_CT_NUMBER) | 1652 | if (ctype_num > SSL3_CT_NUMBER) |
| 1611 | ctype_num = SSL3_CT_NUMBER; | 1653 | ctype_num = SSL3_CT_NUMBER; |
| 1654 | if (p + ctype_num - d > n) { | ||
| 1655 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1656 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1657 | goto err; | ||
| 1658 | } | ||
| 1659 | |||
| 1612 | for (i = 0; i < ctype_num; i++) | 1660 | for (i = 0; i < ctype_num; i++) |
| 1613 | s->s3->tmp.ctype[i] = p[i]; | 1661 | s->s3->tmp.ctype[i] = p[i]; |
| 1614 | p += ctype_num; | 1662 | p += ctype_num; |
| 1615 | if (SSL_USE_SIGALGS(s)) { | 1663 | if (SSL_USE_SIGALGS(s)) { |
| 1664 | if (p + 2 - d > n) { | ||
| 1665 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1666 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1667 | goto err; | ||
| 1668 | } | ||
| 1616 | n2s(p, llen); | 1669 | n2s(p, llen); |
| 1617 | /* Check we have enough room for signature algorithms and | 1670 | /* Check we have enough room for signature algorithms and |
| 1618 | * following length value. | 1671 | * following length value. |
| @@ -1633,6 +1686,11 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1633 | } | 1686 | } |
| 1634 | 1687 | ||
| 1635 | /* get the CA RDNs */ | 1688 | /* get the CA RDNs */ |
| 1689 | if (p + 2 - d > n) { | ||
| 1690 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1691 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1692 | goto err; | ||
| 1693 | } | ||
| 1636 | n2s(p, llen); | 1694 | n2s(p, llen); |
| 1637 | 1695 | ||
| 1638 | if ((unsigned long)(p - d + llen) != n) { | 1696 | if ((unsigned long)(p - d + llen) != n) { |
| @@ -1698,6 +1756,11 @@ cont: | |||
| 1698 | ca_sk = NULL; | 1756 | ca_sk = NULL; |
| 1699 | 1757 | ||
| 1700 | ret = 1; | 1758 | ret = 1; |
| 1759 | if (0) { | ||
| 1760 | truncated: | ||
| 1761 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1762 | SSL_R_BAD_PACKET_LENGTH); | ||
| 1763 | } | ||
| 1701 | err: | 1764 | err: |
| 1702 | if (ca_sk != NULL) | 1765 | if (ca_sk != NULL) |
| 1703 | sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); | 1766 | sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); |