Validate ClientHello session_id field length and send alert on failure (293b5ca4) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

ssl/ssl_sess.c

+1 −5

Original line number	Diff line number	Diff line
		@@ -529,12 +529,8 @@ int ssl_get_prev_session(SSL s, const PACKET ext, const PACKET *session_id)
		int fatal = 0;
		int try_session_cache = 1;
		int r;
		size_t len = PACKET_remaining(session_id);

		if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
		goto err;

		if (len == 0)
		if (PACKET_remaining(session_id) == 0)
		try_session_cache = 0;

		/* sets s->tlsext_ticket_expected and extended master secret flag */

+12 −0

Original line number	Diff line number	Diff line
		@@ -1082,6 +1082,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL s, PACKET pkt)
		goto f_err;
		}

		if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}

		if (!PACKET_get_sub_packet(pkt, &cipher_suites, cipher_len)
		\|\| !PACKET_get_sub_packet(pkt, &session_id, session_id_len)
		\|\| !PACKET_get_sub_packet(pkt, &challenge, challenge_len)
		@@ -1116,6 +1122,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL s, PACKET pkt)
		goto f_err;
		}

		if (PACKET_remaining(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}

		if (SSL_IS_DTLS(s)) {
		if (!PACKET_get_length_prefixed_1(pkt, &cookie)) {
		al = SSL_AD_DECODE_ERROR;