diff --git a/ChangeLog b/ChangeLog index 571cb3ba0..8e49e5c19 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,8 @@ Bugfix * Fix compiler warnings on iOS (found by Sander Niemeijer). * x509_crt_parse() did not increase total_failed on PEM error * Fix compile error with armcc in mpi_is_prime() + * Fix potential bad read in parsing ServerHello (found by Adrien + Vialletelle). Changes * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 38f9fe720..27abb3efe 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -875,7 +875,7 @@ static int ssl_parse_server_hello( ssl_context *ssl ) { int ret, i, comp; size_t n; - size_t ext_len = 0; + size_t ext_len; unsigned char *buf, *ext; int renegotiation_info_seen = 0; int handshake_failure = 0; @@ -981,7 +981,7 @@ static int ssl_parse_server_hello( ssl_context *ssl ) * 42+n . 43+n extensions length * 44+n . 44+n+m extensions */ - if( ssl->in_hslen > 42 + n ) + if( ssl->in_hslen > 43 + n ) { ext_len = ( ( buf[42 + n] << 8 ) | ( buf[43 + n] ) ); @@ -993,6 +993,15 @@ static int ssl_parse_server_hello( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO ); } } + else if( ssl->in_hslen == 42 + n ) + { + ext_len = 0; + } + else + { + SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO ); + } i = ( buf[39 + n] << 8 ) | buf[40 + n]; comp = buf[41 + n];
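Review bot: Nothing next to the changed guard `if( ssl->in_hslen > 43 + n )` in the second ssl_cli.c hunk (`@@ -981,7 +981,7 @@`) explains why the constant is 43, and the layout comment above it only lists offsets. I would add a comment directly above the condition, such as `/* both bytes of the extensions length (42+n and 43+n) must lie inside the message */`, so the bound is not "simplified" back to 42 later. The limit on `n` itself is set outside this hunk, so whether `43 + n` always stays inside the input buffer cannot be confirmed from the visible lines and is worth re-checking alongside this change. The body of ssl_parse_server_hello starts and ends outside the hunk.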
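Review bot: The final `else` added in the third ssl_cli.c hunk (`@@ -993,6 +993,15 @@`) rejects two different malformed shapes with one message: a handshake shorter than `42 + n`, and one carrying a single stray byte where the two-byte extensions length should be. Both use the same `"bad server hello message"` text as the extension-length check just above, so a debug log cannot show which check fired. A comment on the branch such as `/* truncated before the compression byte, or only one byte of extensions length */` and a more specific debug string would help triage. The diff as shown touches only ChangeLog and ssl_cli.c, so a regression test that feeds a ServerHello with `in_hslen == 43 + n` would pin the fix. With the `= 0` initializer dropped in the first hunk, this chain is now the only place `ext_len` is set, which holds because every arm assigns or returns.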