feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5614 from rizlik/oobread

Browse Source 
Fix: parsing oob read in dtls1.3
This commit is contained in:
David Garske
2022-09-21 10:08:32 -07:00
committed by GitHub
parent 2bf583aa57 400d3c6963
commit 680182cab5
3 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/dtls13.c
View File

@@ -90,8 +90,6 @@ typedef struct Dtls13RecordPlaintextHeader {
/* size of the len field in the unified header */ /* size of the len field in the unified header */
#define DTLS13_LEN_SIZE 2 #define DTLS13_LEN_SIZE 2
/* size of the mask used to encrypt/decrypt Record Number */
#define DTLS13_RN_MASK_SIZE 16
/* size of the flags in the unified header */ /* size of the flags in the unified header */
#define DTLS13_HDR_FLAGS_SIZE 1 #define DTLS13_HDR_FLAGS_SIZE 1
/* size of the sequence number wher SEQ_LEN_BIT is present */ /* size of the sequence number wher SEQ_LEN_BIT is present */
@@ -1364,6 +1362,8 @@ int Dtls13ParseUnifiedRecordLayer(WOLFSSL* ssl, const byte* input,
to create record number xor mask). (draft 43 - Sec 4.2.3) */ to create record number xor mask). (draft 43 - Sec 4.2.3) */
if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE) if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE)
return LENGTH_ERROR; return LENGTH_ERROR;
if (inputSize < idx + DTLS13_RN_MASK_SIZE)
return BUFFER_ERROR;
ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx, ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx,
DEPROTECT); DEPROTECT);

15
src/internal.c
View File

@@ -10176,13 +10176,15 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx,
if (ret != 0) if (ret != 0)
return ret; return ret;
if (readSize < ssl->dtls13CurRlLength) { if (readSize < ssl->dtls13CurRlLength + DTLS13_RN_MASK_SIZE) {
/* when using DTLS over a medium that does not guarantee that a full /* when using DTLS over a medium that does not guarantee that a full
* message is received in a single read, we may end up without the full * message is received in a single read, we may end up without the full
* header */ * header and minimum ciphertext to decrypt record sequence numbers */
ret = GetInputData(ssl, ssl->dtls13CurRlLength - readSize); ret = GetInputData(ssl, ssl->dtls13CurRlLength + DTLS13_RN_MASK_SIZE);
if (ret != 0) if (ret != 0)
return ret; return ret;
readSize = ssl->buffers.inputBuffer.length - *inOutIdx;
} }
ret = Dtls13ParseUnifiedRecordLayer(ssl, ret = Dtls13ParseUnifiedRecordLayer(ssl,
@@ -10234,11 +10236,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
#endif #endif
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
word32 read_size;
int ret; int ret;
read_size = ssl->buffers.inputBuffer.length - *inOutIdx;
if (Dtls13IsUnifiedHeader(*(ssl->buffers.inputBuffer.buffer + *inOutIdx))) { if (Dtls13IsUnifiedHeader(*(ssl->buffers.inputBuffer.buffer + *inOutIdx))) {
/* version 1.3 already negotiated */ /* version 1.3 already negotiated */
@@ -10263,8 +10262,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
/* not a unified header, check that we have at least /* not a unified header, check that we have at least
* DTLS_RECORD_HEADER_SZ */ * DTLS_RECORD_HEADER_SZ */
if (read_size < DTLS_RECORD_HEADER_SZ) { if (ssl->buffers.inputBuffer.length - *inOutIdx < DTLS_RECORD_HEADER_SZ) {
ret = GetInputData(ssl, DTLS_RECORD_HEADER_SZ - read_size); ret = GetInputData(ssl, DTLS_RECORD_HEADER_SZ);
if (ret != 0) if (ret != 0)
return LENGTH_ERROR; return LENGTH_ERROR;
} }

3
wolfssl/internal.h
View File

@@ -4640,6 +4640,9 @@ typedef enum EarlyDataState {
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
/* size of the mask used to encrypt/decrypt Record Number */
#define DTLS13_RN_MASK_SIZE 16
typedef struct Dtls13UnifiedHdrInfo { typedef struct Dtls13UnifiedHdrInfo {
word16 recordLength; word16 recordLength;
byte seqLo; byte seqLo;