d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could

Browse Source 
cause OpenSSL to parse past the end of the message.

Note: Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".

Security:	http://www.openssl.org/news/secadv_20110208.txt
Security:	CVE-2011-0014
Obtained from:	OpenSSL CVS
This commit is contained in:
Simon L. B. Nielsen 2011-02-12 21:30:46 +00:00
parent 773dfc2534
commit 0a70456882
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/openssl/ssl/t1_lib.c
View File

@ -521,6 +521,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
}
n2s(data, idsize);
dsize -= 2 + idsize;
size -= 2 + idsize;
if (dsize < 0)
{
*al = SSL_AD_DECODE_ERROR;
@ -559,9 +560,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
}
/* Read in request_extensions */
if (size < 2)
{
*al = SSL_AD_DECODE_ERROR;
return 0;
}
n2s(data,dsize);
size -= 2;
if (dsize > size)
if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;