Fix two cases where it is possible to read one or two bytes past the end of

the buffer. The later size check would catch this, however reading first
and checking later is less than ideal.

ok miod@

1 files changed, 15 insertions, 3 deletions

diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 2a53b09ed23..3412e70d307 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.68 2014/12/02 20:46:19 miod Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.69 2014/12/06 13:21:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1334,7 +1334,13 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 		else if (type == TLSEXT_TYPE_ec_point_formats &&
 		    s->version != DTLS1_VERSION) {
 			unsigned char *sdata = data;
-			int ecpointformatlist_length = *(sdata++);
+			int ecpointformatlist_length;
+
+			if (size < 1) {
+				*al = SSL_AD_DECODE_ERROR;
+				return 0;
+			}
+			ecpointformatlist_length = *(sdata++);
 
 			if (ecpointformatlist_length != size - 1) {
 				*al = TLS1_AD_DECODE_ERROR;
@@ -1354,7 +1360,13 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 		} else if (type == TLSEXT_TYPE_elliptic_curves &&
 		    s->version != DTLS1_VERSION) {
 			unsigned char *sdata = data;
-			int ellipticcurvelist_length = (*(sdata++) << 8);
+			int ellipticcurvelist_length;
+
+			if (size < 2) {
+				*al = SSL_AD_DECODE_ERROR;
+				return 0;
+			}
+			ellipticcurvelist_length = (*(sdata++) << 8);
 			ellipticcurvelist_length += (*(sdata++));
 
 			if (ellipticcurvelist_length != size - 2 ||