Avoid an overflow in constructing the ServerKeyExchange message
authorMatt Caswell <matt@openssl.org>
Fri, 1 Jul 2016 10:58:05 +0000 (11:58 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 1 Jul 2016 18:23:29 +0000 (19:23 +0100)
We calculate the size required for the ServerKeyExchange message and then
call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
2 bytes required for the signature algorithm and 2 bytes for the signature
length, i.e. we could overflow by 4 bytes. In reality this won't happen
because the buffer is pre-allocated to a large size that means it should be
big enough anyway.

Addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
ssl/statem/statem_srvr.c

index a88b321..773591c 100644 (file)
@@ -1792,6 +1792,11 @@ int tls_construct_server_key_exchange(SSL *s)
             goto f_err;
         }
         kn = EVP_PKEY_size(pkey);
+        /* Allow space for signature algorithm */
+        if (SSL_USE_SIGALGS(s))
+            kn += 2;
+        /* Allow space for signature length */
+        kn += 2;
     } else {
         pkey = NULL;
         kn = 0;