Commit cb750375 authored by Matt Caswell

Sanity check the ticket length before using key name/IV



This could in theory result in an overread - but due to the over allocation
of the underlying buffer does not represent a security issue.

Thanks to Fedor Indutny for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5417)
parent 773da093
+4 −0
@@ -3505,6 +3505,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
    EVP_CIPHER_CTX ctx;
    SSL_CTX *tctx = s->initial_ctx;

    /* Need at least keyname + iv */
    if (eticklen < 16 + EVP_MAX_IV_LENGTH)
        return 2;

    /* Initialize session ticket encryption and HMAC contexts */
    HMAC_CTX_init(&hctx);
    EVP_CIPHER_CTX_init(&ctx);
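
Review bot: the new guard `if (eticklen < 16 + EVP_MAX_IV_LENGTH)` relies on the bare literal `16`, and `return 2` is an unexplained status value. The comment says the 16 is the key name, so express it as a named constant or as the size of the key name field, so the bound cannot drift from the layout the later reads assume, and say in the comment what a return of 2 means to the caller. Note also that `EVP_MAX_IV_LENGTH` is the maximum for any cipher rather than the IV length of the cipher actually in use, so this is only a conservative floor for reading the key name and IV; it is worth confirming that the rest of the ticket is length-checked separately once the cipher and HMAC have been set up.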