Reject elliptic curve lists of odd lengths.
The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.
Thanks to Felix Groebert of the Google Security Team for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 33d5ba8629)
This commit is contained in:
Emilia Kasper
parent
fcabfc66ae
commit
321ba85899
1 changed files with 3 additions and 1 deletions
|
|
@ -1199,7 +1199,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
|
|||
ellipticcurvelist_length += (*(sdata++));
|
||||
|
||||
if (ellipticcurvelist_length != size - 2 ||
|
||||
ellipticcurvelist_length < 1)
|
||||
ellipticcurvelist_length < 1 ||
|
||||
/* Each NamedCurve is 2 bytes. */
|
||||
ellipticcurvelist_length & 1)
|
||||
{
|
||||
*al = TLS1_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
|
|
|
|||
Loading…
Reference in a new issue