feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

length check the hello extensions

Browse Source
This commit is contained in:
John Safranek
2013-02-18 12:52:08 -08:00
parent df011b2e40
commit d9a9982bc8
2 changed files with 21 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cyassl/internal.h
View File

@ -462,6 +462,7 @@ enum Misc {
ALERT_SIZE = 2, /* level + description */ ALERT_SIZE = 2, /* level + description */
REQUEST_HEADER = 2, /* always use 2 bytes */ REQUEST_HEADER = 2, /* always use 2 bytes */
VERIFY_HEADER = 2, /* always use 2 bytes */ VERIFY_HEADER = 2, /* always use 2 bytes */
EXT_ID_SZ = 2, /* always use 2 bytes */
MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */ MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
MAX_SUITE_SZ = 200, /* 100 suites for now! */ MAX_SUITE_SZ = 200, /* 100 suites for now! */

40
src/internal.c
View File

@ -8500,6 +8500,7 @@ int SetCipherList(Suites* s, const char* list)
return BUFFER_ERROR; return BUFFER_ERROR;
XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz); XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
i += clSuites.suiteSz; i += clSuites.suiteSz;
clSuites.hashSigAlgoSz = 0;
b = input[i++]; /* comp len */ b = input[i++]; /* comp len */
if (i + b > totalSz) if (i + b > totalSz)
@ -8523,46 +8524,45 @@ int SetCipherList(Suites* s, const char* list)
ssl->options.clientState = CLIENT_HELLO_COMPLETE; ssl->options.clientState = CLIENT_HELLO_COMPLETE;
*inOutIdx = i; *inOutIdx = i;
clSuites.hashSigAlgoSz = 0;
if ( (i - begin) < helloSz) { if ( (i - begin) < helloSz) {
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
/* Need to process all extensions, i.e. skip the ones we don't /* Process the hello extension. Skip unsupported. */
* support. */ word16 totalExtSz;
word16 totalExtSz, extId, extSz;
ato16(&input[i], &totalExtSz); ato16(&input[i], &totalExtSz);
i += 2; i += LENGTH_SZ;
if (totalExtSz > helloSz + begin - i)
return INCOMPLETE_DATA;
while (totalExtSz) { while (totalExtSz) {
word16 extId, extSz;
ato16(&input[i], &extId); ato16(&input[i], &extId);
i += 2; i += LENGTH_SZ;
ato16(&input[i], &extSz); ato16(&input[i], &extSz);
i += 2; i += EXT_ID_SZ;
totalExtSz -= 4 + extSz; if (extSz > totalExtSz - LENGTH_SZ - EXT_ID_SZ)
return INCOMPLETE_DATA;
if (extId == HELLO_EXT_SIG_ALGO) { if (extId == HELLO_EXT_SIG_ALGO) {
ato16(&input[i], &clSuites.hashSigAlgoSz); ato16(&input[i], &clSuites.hashSigAlgoSz);
i += 2; i += LENGTH_SZ;
if (clSuites.hashSigAlgoSz > extSz - LENGTH_SZ)
if (i + clSuites.hashSigAlgoSz > totalSz)
return INCOMPLETE_DATA; return INCOMPLETE_DATA;
if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX)
return BUFFER_ERROR; XMEMCPY(clSuites.hashSigAlgo, &input[i],
min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
XMEMCPY(clSuites.hashSigAlgo,
input+i, clSuites.hashSigAlgoSz);
i += clSuites.hashSigAlgoSz; i += clSuites.hashSigAlgoSz;
} }
else else
i += extSz; i += extSz;
totalExtSz -= LENGTH_SZ + EXT_ID_SZ + extSz;
} }
*inOutIdx = i; *inOutIdx = i;
} }
else else
*inOutIdx = begin + helloSz; /* skip extensions */ *inOutIdx = begin + helloSz; /* skip extensions */
} }
else {
clSuites.hashSigAlgoSz = 0;
}
ssl->options.haveSessionId = 1; ssl->options.haveSessionId = 1;
/* ProcessOld uses same resume code */ /* ProcessOld uses same resume code */