Merge branch 'mbedtls-2.16-restricted' into prepare-rc-2.16.6-updated

* mbedtls-2.16-restricted:
  Parse HelloVerifyRequest buffer overread: add changelog entry
  Parse HelloVerifyRequest: avoid buffer overread at the start
  Parse HelloVerifyRequest: avoid buffer overread on the cookie
This commit is contained in:
Manuel Pégourié-Gonnard 2020-04-09 12:27:20 +02:00
commit dab3fd64ab
2 changed files with 16 additions and 2 deletions

View File

@ -8,6 +8,8 @@ Security
untrusted operating system attacking a secure enclave) to fully recover untrusted operating system attacking a secure enclave) to fully recover
an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya, an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932 Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
* Fix a potentially remotely exploitable buffer overread in a
DTLS client when parsing the Hello Verify Request message.
Bugfix Bugfix
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and

View File

@ -1417,6 +1417,19 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
/* Check that there is enough room for:
* - 2 bytes of version
* - 1 byte of cookie_len
*/
if( mbedtls_ssl_hs_hdr_len( ssl ) + 3 > ssl->in_msglen )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "incoming HelloVerifyRequest message is too short" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
/* /*
* struct { * struct {
* ProtocolVersion server_version; * ProtocolVersion server_version;
@ -1445,8 +1458,6 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
} }
cookie_len = *p++; cookie_len = *p++;
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len ) if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, MBEDTLS_SSL_DEBUG_MSG( 1,
@ -1455,6 +1466,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} }
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
mbedtls_free( ssl->handshake->verify_cookie ); mbedtls_free( ssl->handshake->verify_cookie );