authorJoel Sing <jsing@cvs.openbsd.org>2021-09-03 13:18:02 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2021-09-03 13:18:02 +0000
commite22401d3de4b8df58094e6ca03064f640f56c063 (patch)
treee67311b4f141a5b74ad4c271dc033a94d9fe4bf7 /lib
parentd3fc0a73c9bd03623a6377e6f9c2a6ad3b52bee2 (diff)
Ensure that a client hello does not have trailing data.
Found by tlsfuzzer. ok beck@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/ssl_srvr.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index a473d5af053..3a37fc7e094 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.118 2021/08/30 19:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.119 2021/09/03 13:18:01 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1017,6 +1017,9 @@ ssl3_get_client_hello(SSL *s)
goto fatal_err;
}
+ if (CBS_len(&cbs) != 0)
+ goto decode_err;
+
if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
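Review bot: The added `if (CBS_len(&cbs) != 0)` check has no comment saying why leftover bytes are fatal, and a bare length test like this is easy to move or drop in a later refactor. I would put `/* The client hello must be fully consumed - trailing data is a decode error. */` directly above it. The check is only meaningful if every field of the message has been parsed out of `cbs` by this point; the parsing that precedes it and the `decode_err` label are both outside the hunk, so the ordering and the alert actually sent (presumably decode_error) should be confirmed against the full function. Since the commit message says this was found by tlsfuzzer, a regression test that sends a client hello with appended bytes and expects the handshake to abort would keep the check from silently regressing.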