From 5f232a5347aa50b02963840b94a44e39ca4a5d4d Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 16 Feb 2020 16:36:40 +0000 Subject: Avoid potential NULL dereference when parsing a server keyshare extension. It is currently possible for key_share to be NULL when a TLS client receives a keyshare extension. However, for this to occur the client has to be doing TLS 1.2 or earlier, which means that it was invalid for the server to send the extension. As such, check for NULL and treat it as an invalid extension. Found by oss-fuzz (#20741 and #20745). ok inoguchi@ tb@ --- src/lib/libssl/ssl_tlsext.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 3d1d1c8b7b..f907741514 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.60 2020/02/06 13:14:17 jsing Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.61 2020/02/16 16:36:40 jsing Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1349,6 +1349,9 @@ tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) return 0; + if (S3I(s)->hs_tls13.key_share == NULL) + return 0; + if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share, group, &key_exchange)) goto err; -- cgit v1.2.3-55-g6feb