Commit ef57a475 authored by Matt Caswell's avatar Matt Caswell
Browse files

Verify that there is no trailing data after the extensions block 



Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3436)
parent 721586ea

ssl/statem/statem_srvr.c

+2 −1
Original line number Diff line number Diff line
@@ -1407,7 +1407,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) 
        if (PACKET_remaining(pkt) == 0) {

            PACKET_null_init(&clienthello->extensions);

        } else {

            if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)) {

            if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)

                    || PACKET_remaining(pkt) != 0) {

                al = SSL_AD_DECODE_ERROR;

                SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);

                goto f_err;