feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

If there is a badly formed handshake message with extra data at the

Browse Source 
end, but the correct size with the extra data, send a decode_error
alert and fail the handshake.
This commit is contained in:
John Safranek
2016-12-14 13:07:06 -08:00
parent 483e461c49
commit be65f26dd2
3 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/internal.c
View File

@ -7649,7 +7649,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
byte type, word32 size, word32 totalSz) byte type, word32 size, word32 totalSz)
{ {
int ret = 0; int ret = 0;
(void)totalSz; word32 expectedIdx;
WOLFSSL_ENTER("DoHandShakeMsgType"); WOLFSSL_ENTER("DoHandShakeMsgType");
@ -7657,6 +7657,9 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (*inOutIdx + size > totalSz) if (*inOutIdx + size > totalSz)
return INCOMPLETE_DATA; return INCOMPLETE_DATA;
expectedIdx = *inOutIdx + size +
(ssl->keys.encryptionOn ? ssl->keys.padSz : 0);
/* sanity check msg received */ /* sanity check msg received */
if ( (ret = SanityCheckMsgReceived(ssl, type)) != 0) { if ( (ret = SanityCheckMsgReceived(ssl, type)) != 0) {
WOLFSSL_MSG("Sanity Check on handshake message type received failed"); WOLFSSL_MSG("Sanity Check on handshake message type received failed");
@ -7811,6 +7814,13 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
break; break;
} }
if (ret == 0 && expectedIdx != *inOutIdx) {
WOLFSSL_MSG("Extra data in handshake message");
if (!ssl->options.dtls)
SendAlert(ssl, alert_fatal, decode_error);
ret = DECODE_E;
}
/* if async, offset index so this msg will be processed again */ /* if async, offset index so this msg will be processed again */
if (ret == WC_PENDING_E) { if (ret == WC_PENDING_E) {
*inOutIdx -= HANDSHAKE_HEADER_SZ; *inOutIdx -= HANDSHAKE_HEADER_SZ;
@ -11747,6 +11757,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case DTLS_POOL_SZ_E: case DTLS_POOL_SZ_E:
return "Maximum DTLS pool size exceeded"; return "Maximum DTLS pool size exceeded";
case DECODE_E:
return "Decode handshake message error";
default : default :
return "unknown error number"; return "unknown error number";
} }

1
wolfssl/error-ssl.h
View File

@ -151,6 +151,7 @@ enum wolfSSL_ErrorCodes {
CTX_INIT_MUTEX_E = -413, /* initialize ctx mutex error */ CTX_INIT_MUTEX_E = -413, /* initialize ctx mutex error */
EXT_MASTER_SECRET_NEEDED_E = -414, /* need EMS enabled to resume */ EXT_MASTER_SECRET_NEEDED_E = -414, /* need EMS enabled to resume */
DTLS_POOL_SZ_E = -415, /* exceeded DTLS pool size */ DTLS_POOL_SZ_E = -415, /* exceeded DTLS pool size */
DECODE_E = -416, /* decode handshake message error */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
/* begin negotiation parameter errors */ /* begin negotiation parameter errors */

1
wolfssl/ssl.h
View File

@ -200,6 +200,7 @@ enum AlertDescription {
certificate_expired = 45, certificate_expired = 45,
certificate_unknown = 46, certificate_unknown = 46,
illegal_parameter = 47, illegal_parameter = 47,
decode_error = 50,
decrypt_error = 51, decrypt_error = 51,
#ifdef WOLFSSL_MYSQL_COMPATIBLE #ifdef WOLFSSL_MYSQL_COMPATIBLE
/* catch name conflict for enum protocol with MYSQL build */ /* catch name conflict for enum protocol with MYSQL build */