diff options
author | Matt Caswell <matt@openssl.org> | 2017-05-08 15:18:25 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-05-11 13:13:04 +0100 |
commit | ef57a475a073fffd610ee3228acd855ca0d72be5 (patch) | |
tree | d0346191e5f28853da10904d3d42663e470a63e5 /ssl/statem/statem_srvr.c | |
parent | 721586eadf626118695365282db7f10acd105882 (diff) | |
download | openssl-ef57a475a073fffd610ee3228acd855ca0d72be5.zip openssl-ef57a475a073fffd610ee3228acd855ca0d72be5.tar.gz openssl-ef57a475a073fffd610ee3228acd855ca0d72be5.tar.bz2 |
Verify that there is no trailing data after the extensions block
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3436)
Diffstat (limited to 'ssl/statem/statem_srvr.c')
-rw-r--r-- | ssl/statem/statem_srvr.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 7e025a6..5c22ba7 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1407,7 +1407,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (PACKET_remaining(pkt) == 0) { PACKET_null_init(&clienthello->extensions); } else { - if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)) { + if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions) + || PACKET_remaining(pkt) != 0) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; |