wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Boundaries check for DoHelloVerifyRequest.

Browse Source 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
This commit is contained in:
Moisés Guimarães
2014-03-10 12:16:58 -03:00
parent 881de67196
commit 7630b1d222
1 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/internal.c
View File

@@ -69,7 +69,8 @@ CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
#ifndef NO_CYASSL_CLIENT #ifndef NO_CYASSL_CLIENT
static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*); static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*,
word32);
static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32); static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32);
static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*); static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*);
#ifndef NO_CERTS #ifndef NO_CERTS
@@ -3789,7 +3790,7 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
#ifndef NO_CYASSL_CLIENT #ifndef NO_CYASSL_CLIENT
case hello_verify_request: case hello_verify_request:
CYASSL_MSG("processing hello verify request"); CYASSL_MSG("processing hello verify request");
ret = DoHelloVerifyRequest(ssl, input,inOutIdx); ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
break; break;
case server_hello: case server_hello:
@@ -7444,27 +7445,36 @@ static void PickHashSigAlgo(CYASSL* ssl,
static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input,
word32* inOutIdx) word32* inOutIdx, word32 size)
{ {
ProtocolVersion pv; ProtocolVersion pv;
byte cookieSz; byte cookieSz;
word32 begin = *inOutIdx;
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS
if (ssl->hsInfoOn) AddPacketName("HelloVerifyRequest", if (ssl->hsInfoOn) AddPacketName("HelloVerifyRequest",
&ssl->handShakeInfo); &ssl->handShakeInfo);
if (ssl->toInfoOn) AddLateName("HelloVerifyRequest", &ssl->timeoutInfo); if (ssl->toInfoOn) AddLateName("HelloVerifyRequest", &ssl->timeoutInfo);
#endif #endif
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
DtlsPoolReset(ssl); DtlsPoolReset(ssl);
} }
#endif #endif
XMEMCPY(&pv, input + *inOutIdx, sizeof(pv));
*inOutIdx += (word32)sizeof(pv);
if ((*inOutIdx - begin) + OPAQUE16_LEN + OPAQUE8_LEN > size)
return BUFFER_ERROR;
XMEMCPY(&pv, input + *inOutIdx, OPAQUE16_LEN);
*inOutIdx += OPAQUE16_LEN;
cookieSz = input[(*inOutIdx)++]; cookieSz = input[(*inOutIdx)++];
if (cookieSz) { if (cookieSz) {
if ((*inOutIdx - begin) + cookieSz > size)
return BUFFER_ERROR;
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (cookieSz <= MAX_COOKIE_LEN) { if (cookieSz <= MAX_COOKIE_LEN) {
XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieSz); XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieSz);