From 4f8a706dc7eae6e775f153f6629a1bbd9e134499 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Fri, 20 Sep 2013 14:39:33 +0100 Subject: [PATCH] Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix --- doc/ssl/SSL_CTX_use_serverinfo.pod | 7 ++++--- ssl/ssl_rsa.c | 16 ++++++++++++++-- test/serverinfo.pem | 8 ++++---- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/doc/ssl/SSL_CTX_use_serverinfo.pod b/doc/ssl/SSL_CTX_use_serverinfo.pod index 485b813b83..440932287b 100644 --- a/doc/ssl/SSL_CTX_use_serverinfo.pod +++ b/doc/ssl/SSL_CTX_use_serverinfo.pod @@ -20,14 +20,15 @@ A "serverinfo" extension is returned in response to an empty ClientHello Extension. SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from -a byte array into B. The extensions must be concatenated into a +a byte array into B. The extensions must be concatenated into a sequence of bytes. Each extension must consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of extension_data. SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from -B into B. The extensions must be in PEM format. Each extension +B into B. The extensions must be in PEM format. Each extension must consist of a 2-byte Extension Type, a 2-byte length, and then length -bytes of extension_data. +bytes of extension_data. Each PEM extension name must begin with the phrase +"BEGIN SERVERINFO FOR ". =head1 NOTES diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 2837624ae9..57a2d846a7 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -1206,6 +1206,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) long extension_length = 0; char* name = NULL; char* header = NULL; + char namePrefix[] = "SERVERINFO FOR "; int ret = 0; BIO *bin = NULL; size_t num_extensions = 0; 
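Review bot: `namePrefix` in the first ssl/ssl_rsa.c hunk is only ever read, yet it is declared as a mutable automatic array; `static const char namePrefix[] = "SERVERINFO FOR ";` states the intent and keeps the literal from being modified by accident. Keeping it an array rather than a pointer also leaves `sizeof(namePrefix) - 1` available as a compile-time prefix length. The body of SSL_CTX_use_serverinfo_file continues outside this hunk.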
@@ -1241,11 +1242,22 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
 else /* End of file, we're done */
 break;
 }
+ /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
+ if (strlen(name) < strlen(namePrefix))
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+ goto end;
+ }
+ if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+ goto end;
+ }
 /* Check that the decoded PEM data is plausible (valid length field) */
 if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4)
 {
- SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
- goto end;
+ SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+ goto end;
 }
 /* Append the decoded extension to the serverinfo buffer */
 serverinfo = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
diff --git a/test/serverinfo.pem b/test/serverinfo.pem
index 0eb020a17f..cd3020e3b8 100644
--- a/test/serverinfo.pem
+++ b/test/serverinfo.pem
@@ -1,10 +1,10 @@
------BEGIN SCT-----
+-----BEGIN SERVERINFO FOR CT-----
 ABIAZMevsj4TC5rgwjZNciLGwh15YXoIK9t5aypGJIG4QzyMowmwwDdqxudkUcGa
 DvuqlYL7psO5j4/BIHTe677CAZBBH3Ho2NOM5q1zub4AbfUMlKeufuQgeQ2Tj1oe
 LJLRzrwDnPs=
------END SCT-----
+-----END SERVERINFO FOR CT-----
 
------BEGIN TACK EXTENSION-----
+-----BEGIN SERVERINFO FOR TACK-----
 8wABTwFMh1Dz+3W6zULWJKjav5TNaFEXL1h98YtCXeyZnORYg4mbKpxH5CMbjpgx
 To3amSqUPF4Ntjc/i9+poutxebYkbgAAAkMcxb8+RaM9YEywaJEGViKJJmpYG/gJ
 HgfGaefI9kKbXSDmP9ntg8dLvDzuyYw14ktM2850Q9WvBiltpekilZxVuT2bFtfs
@@ -13,4 +13,4 @@ ffGLQl3smZzkWIOJmyqcR+QjG46YMU6N2pkqlDxeDbY3P4vfqaLrcXm2JG4AAAGN
 xXQJPbdniI9rEydVXb1Cu1yT/t7FBEx6hLxuoypXjCI1wCGpXsd8zEnloR0Ank5h
 VO/874E/BZlItzSPpcmDKl5Def6BrAJTErQlE9npo52S05YWORxJw1+VYBdqQ09A
 x3wA
------END TACK EXTENSION-----
+-----END SERVERINFO FOR TACK-----
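Review bot: The separate `strlen(name) < strlen(namePrefix)` test in the second ssl/ssl_rsa.c hunk is redundant, because `strncmp` stops at the terminating NUL of a shorter `name` and already returns non-zero; a single check is enough: `if (strncmp(name, namePrefix, sizeof(namePrefix) - 1) != 0)`. Both new branches and the length-field check below them raise the same `ERR_R_PEM_LIB`, so someone debugging a rejected file cannot tell a wrong PEM label from a malformed extension body; a distinct reason code for the label case would help. The new comment says the name starts with "BEGIN SERVERINFO FOR " while the compared string is `"SERVERINFO FOR "`, and it should also say why the label is enforced, presumably so that an unrelated PEM block in the same file is never appended to the serverinfo buffer and returned to clients. The function body and the `end:` label lie outside the hunk, so it cannot be confirmed from here that `name`, `header` and `extension` are freed on the new `goto end` paths.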