Validate ClientHello extension field length

RT#4069 Reviewed-by: N Emilia Käsper <emilia@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>

Validate ClientHello extension field length
RT#4069 Reviewed-by: N Emilia Käsper <emilia@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>
52a48f9e · Alessandro Ghedini · Matt Caswell · 67202973 · 52a48f9e
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

ssl/t1_lib.c ssl/t1_lib.c +3 -0

未找到文件。
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1927,6 +1927,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
    if (!PACKET_get_net_2(pkt, &len))
        goto err;

+    if (PACKET_remaining(pkt) != len)
+        goto err;
+
    while (PACKET_get_net_2(pkt, &type) && PACKET_get_net_2(pkt, &size)) {
        PACKET subpkt;