psk_client_callback, 128-byte id bug.

author Adam Langley <agl@chromium.org>

Fri, 20 Jun 2014 19:00:00 +0000 (12:00 -0700)

committer Emilia Kasper <emilia@openssl.org>

Fri, 5 Sep 2014 10:22:33 +0000 (12:22 +0200)
author Adam Langley <agl@chromium.org>
Fri, 20 Jun 2014 19:00:00 +0000 (12:00 -0700)
committer Emilia Kasper <emilia@openssl.org>
Fri, 5 Sep 2014 10:22:33 +0000 (12:22 +0200)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index 9457dfb3c0e304309424beb3a31b2d0f930c14fd..dc8b48e7a8f0912beca41c57984028b39c1c504c 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3096,7 +3096,11 @@ int ssl3_send_client_key_exchange(SSL *s)
  #ifndef OPENSSL_NO_PSK
                 else if (alg_k & SSL_kPSK)
                         {
-                       char identity[PSK_MAX_IDENTITY_LEN];
+                       /* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes
+                        * to return a \0-terminated identity. The last byte
+                        * is for us for simulating strnlen. */
+                       char identity[PSK_MAX_IDENTITY_LEN + 2];
+                       size_t identity_len;
                         unsigned char *t = NULL;
                         unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
                         unsigned int pre_ms_len = 0, psk_len = 0;
@@ -3110,8 +3114,9 @@ int ssl3_send_client_key_exchange(SSL *s)
                                 goto err;
                                 }
  
+                       memset(identity, 0, sizeof(identity));
                         psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
-                               identity, PSK_MAX_IDENTITY_LEN,
+                               identity, sizeof(identity) - 1,
                                 psk_or_pre_ms, sizeof(psk_or_pre_ms));
                         if (psk_len > PSK_MAX_PSK_LEN)
                                 {
@@ -3125,7 +3130,14 @@ int ssl3_send_client_key_exchange(SSL *s)
                                         SSL_R_PSK_IDENTITY_NOT_FOUND);
                                 goto psk_err;
                                 }
-
+                       identity[PSK_MAX_IDENTITY_LEN + 1] = '\0';
+                       identity_len = strlen(identity);
+                       if (identity_len > PSK_MAX_IDENTITY_LEN)
+                               {
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                       ERR_R_INTERNAL_ERROR);
+                               goto psk_err;
+                               }
                         /* create PSK pre_master_secret */
                         pre_ms_len = 2+psk_len+2+psk_len;
                         t = psk_or_pre_ms;
@@ -3159,14 +3171,13 @@ int ssl3_send_client_key_exchange(SSL *s)
                         s->session->master_key_length =
                                 s->method->ssl3_enc->generate_master_secret(s,
                                         s->session->master_key,
-                                       psk_or_pre_ms, pre_ms_len); 
-                       n = strlen(identity);
-                       s2n(n, p);
-                       memcpy(p, identity, n);
-                       n+=2;
+                                       psk_or_pre_ms, pre_ms_len);
+                       s2n(identity_len, p);
+                       memcpy(p, identity, identity_len);
+                       n = 2 + identity_len;
                         psk_err = 0;
                 psk_err:
-                       OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
+                       OPENSSL_cleanse(identity, sizeof(identity));
                         OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
                         if (psk_err != 0)
                                 {
author	Adam Langley <agl@chromium.org>
	Fri, 20 Jun 2014 19:00:00 +0000 (12:00 -0700)
committer	Emilia Kasper <emilia@openssl.org>
	Fri, 5 Sep 2014 10:22:33 +0000 (12:22 +0200)