Avoid an overflow in constructing the ServerKeyExchange message

We calculate the size required for the ServerKeyExchange message and then call BUF_MEM_grow_clean() on the buffer. However we fail to take account of 2 bytes required for the signature algorithm and 2 bytes for the signature length, i.e. we could overflow by 4 bytes. In reality this won't happen because the buffer is pre-allocated to a large size that means it should be big enough anyway. Addresses an OCAP Audit issue. Reviewed-by: N Rich Salz <rsalz@openssl.org>

Avoid an overflow in constructing the ServerKeyExchange message
We calculate the size required for the ServerKeyExchange message and then call BUF_MEM_grow_clean() on the buffer. However we fail to take account of 2 bytes required for the signature algorithm and 2 bytes for the signature length, i.e. we could overflow by 4 bytes. In reality this won't happen because the buffer is pre-allocated to a large size that means it should be big enough anyway. Addresses an OCAP Audit issue. Reviewed-by: N Rich Salz <rsalz@openssl.org>
1e16987f · Matt Caswell · 43cb3090 · 1e16987f
显示空白变更内容
内联并排

Showing with 5 addition and 0 deletion

ssl/statem/statem_srvr.c ssl/statem/statem_srvr.c +5 -0

未找到文件。
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1792,6 +1792,11 @@ int tls_construct_server_key_exchange(SSL *s)
            goto f_err;
        }
        kn = EVP_PKEY_size(pkey);
+        /* Allow space for signature algorithm */
+        if (SSL_USE_SIGALGS(s))
+            kn += 2;
+        /* Allow space for signature length */
+        kn += 2;
    } else {
        pkey = NULL;
        kn = 0;