authorTheo Buehler <tb@cvs.openbsd.org>2020-08-03 19:46:56 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2020-08-03 19:46:56 +0000
commit5bf156a6406cf9daee3af4f38c6c110680df70ab (patch)
tree044b3bf7bd6784db8954e55569ebe8585ab46f08
parentb6281404fbeb2a74c75230a3800a2c2cfe04810a (diff)
Only parse a client's status_request in the CH
A client should only send a status_request as part of the CH. Pointed out by Michael Forney ok inoguchi jsing
-rw-r--r--lib/libssl/ssl_tlsext.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 920d026fff9..f3078f3efe5 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.80 2020/08/03 19:43:16 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.81 2020/08/03 19:46:55 tb Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -914,6 +914,9 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
uint8_t status_type;
int ret = 0;
+ if (msg_type != SSL_TLSEXT_MSG_CH)
+ goto err;
+
if (!CBS_get_u8(cbs, &status_type))
goto err;
if (status_type != TLSEXT_STATUSTYPE_ocsp) {
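Review bot: The new `msg_type != SSL_TLSEXT_MSG_CH` guard jumps to `err` without assigning `*alert`, so the alert a peer receives for a misplaced status_request is whatever the caller stored there beforehand, which this hunk does not show. If a specific alert is intended for an extension arriving in the wrong handshake message, set it on this path, e.g. `*alert = SSL_AD_ILLEGAL_PARAMETER;` ahead of the `goto err;` (the `if` then needs braces). Otherwise a one-line comment such as `/* A client may only send status_request in the ClientHello. */` would record that relying on the caller's default is deliberate. The body of tlsext_ocsp_server_parse, including the `err` label, continues outside the hunk.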