reject zero length point format list or supported curves extensions (7469af44) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/t1_lib.c

+4 −2

Original line number	Original line	Diff line number	Diff line
	@@ -1498,7 +1498,8 @@ static int ssl_scan_clienthello_tlsext(SSL s, unsigned char *p, unsigned char
	int ellipticcurvelist_length = (*(sdata++) << 8);		int ellipticcurvelist_length = (*(sdata++) << 8);
	ellipticcurvelist_length += (*(sdata++));		ellipticcurvelist_length += (*(sdata++));

	if (ellipticcurvelist_length != size - 2)		if (ellipticcurvelist_length != size - 2 \|\|
			ellipticcurvelist_length < 1)
	{		{
	*al = TLS1_AD_DECODE_ERROR;		*al = TLS1_AD_DECODE_ERROR;
	return 0;		return 0;
	@@ -1931,7 +1932,8 @@ static int ssl_scan_serverhello_tlsext(SSL s, unsigned char *p, unsigned char
	unsigned char *sdata = data;		unsigned char *sdata = data;
	int ecpointformatlist_length = *(sdata++);		int ecpointformatlist_length = *(sdata++);

	if (ecpointformatlist_length != size - 1)		if (ecpointformatlist_length != size - 1 \|\|
			ecpointformatlist_length < 1)
	{		{
	*al = TLS1_AD_DECODE_ERROR;		*al = TLS1_AD_DECODE_ERROR;
	return 0;		return 0;