Verify that there is no trailing data after the extensions block

Reviewed-by: N Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)

Verify that there is no trailing data after the extensions block
Reviewed-by: N Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)
ef57a475 · Matt Caswell · 721586ea · ef57a475
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

ssl/statem/statem_srvr.c ssl/statem/statem_srvr.c +2 -1

未找到文件。
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1407,7 +1407,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
        if (PACKET_remaining(pkt) == 0) {
            PACKET_null_init(&clienthello->extensions);
        } else {
-            if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)) {
+            if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)
+                    || PACKET_remaining(pkt) != 0) {
                al = SSL_AD_DECODE_ERROR;
                SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
                goto f_err;