git.openssl.org Git - openssl.git/commit

author	Adam Langley <agl@chromium.org>
	Fri, 20 Jun 2014 19:00:00 +0000 (12:00 -0700)
committer	Emilia Kasper <emilia@openssl.org>
	Fri, 5 Sep 2014 10:22:33 +0000 (12:22 +0200)
commit	e12e8757594ff6e8ee739c9c0d7796fa522641d8
tree	3a88881bb84a66fd76a40658b6ac787a9701ab5a	tree \| snapshot
parent	0600a5cd4996e8e469b99470c8eda24498ab4373	commit \| diff

psk_client_callback, 128-byte id bug.

Fix a bug in handling of 128 byte long PSK identity in
psk_client_callback.

OpenSSL supports PSK identities of up to (and including) 128 bytes in
length. PSK identity is obtained via the psk_client_callback,
implementors of which are expected to provide a NULL-terminated
identity. However, the callback is invoked with only 128 bytes of
storage thus making it impossible to return a 128 byte long identity and
the required additional NULL byte.

This CL fixes the issue by passing in a 129 byte long buffer into the
psk_client_callback. As a safety precaution, this CL also zeroes out the
buffer before passing it into the callback, uses strnlen for obtaining
the length of the identity returned by the callback, and aborts the
handshake if the identity (without the NULL terminator) is longer than
128 bytes.

(Original patch amended to achieve strnlen in a different way.)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit be0d851732bad7370640702bc9c4a33189ede287)