Verify that there is no trailing data after the extensions block
authorMatt Caswell <matt@openssl.org>
Mon, 8 May 2017 14:18:25 +0000 (15:18 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 11 May 2017 12:13:04 +0000 (13:13 +0100)
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3436)

ssl/statem/statem_srvr.c

index 7e025a6..5c22ba7 100644 (file)
@@ -1407,7 +1407,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
         if (PACKET_remaining(pkt) == 0) {
             PACKET_null_init(&clienthello->extensions);
         } else {
-            if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)) {
+            if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)
+                    || PACKET_remaining(pkt) != 0) {
                 al = SSL_AD_DECODE_ERROR;
                 SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
                 goto f_err;