From 7040553a02ac1454a6b73044f9abd36274d34c08 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:31:13 +0100 Subject: [PATCH 1/6] Add bounds check before length read --- library/ssl_cli.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 94c521dd9..7bf9933cc 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1850,6 +1850,12 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, * * opaque psk_identity_hint<0..2^16-1>; */ + if( (*p) > end - 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " + "(psk_identity_hint length)" ) ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } len = (*p)[0] << 8 | (*p)[1]; *p += 2; From 0e0afacbc502c01a39ab4322dca6ee8bc93066f9 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:31:53 +0100 Subject: [PATCH 2/6] Prevent arithmetic overflow on bounds check --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 7bf9933cc..5bfcb9535 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1859,7 +1859,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, len = (*p)[0] << 8 | (*p)[1]; *p += 2; - if( (*p) + len > end ) + if( (*p) > end -len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " "(psk_identity_hint length)" ) ); From a7a8332402c9d894c26cf4f4c47f72b0d6f29642 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:33:28 +0100 Subject: [PATCH 3/6] Update change log --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index ed7818e30..33f2f8652 100644 --- a/ChangeLog +++ b/ChangeLog @@ -446,6 +446,10 @@ Changes = mbed TLS 2.1.0 released 2015-09-04 +Security + * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a + crash on invalid input. + Features * Added support for yotta as a build system. * Primary open source license changed to Apache 2.0 license. @@ -481,6 +485,8 @@ Bugfix * Fix unused function warning when using MBEDTLS_MDx_ALT or MBEDTLS_SHAxxx_ALT (found by Henrik) (#239) * Fix memory corruption in pkey programs (found by yankuncheng) (#210) + * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that + could cause a key exchange to fail on valid data. Changes * The PEM parser now accepts a trailing space at end of lines (#226). From ce0d3ca1282dc599a5c65038a8afc058238d605f Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:50:18 +0100 Subject: [PATCH 4/6] Add bounds check before signature length read --- library/ssl_cli.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 94c521dd9..a126b79fe 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2236,6 +2236,13 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) /* * Read signature */ + if( p > end - 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } sig_len = ( p[0] << 8 ) | p[1]; p += 2; From c86b880411191c3e56105ea1bcd45314a73d77dc Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:50:54 +0100 Subject: [PATCH 5/6] Prevent arithmetic overflow on bounds check --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a126b79fe..b607fda71 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2246,7 +2246,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) sig_len = ( p[0] << 8 ) | p[1]; p += 2; - if( end != p + sig_len ) + if( p != end - sig_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); From d3cec993774f638540051501ba8617bc1e37cfbb Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:52:22 +0100 Subject: [PATCH 6/6] Update change log --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index ed7818e30..acb533012 100644 --- a/ChangeLog +++ b/ChangeLog @@ -446,6 +446,10 @@ Changes = mbed TLS 2.1.0 released 2015-09-04 +Security + * Fix a buffer overread in ssl_parse_server_key_exchange() that could cause + a crash on invalid input. + Features * Added support for yotta as a build system. * Primary open source license changed to Apache 2.0 license. @@ -481,6 +485,8 @@ Bugfix * Fix unused function warning when using MBEDTLS_MDx_ALT or MBEDTLS_SHAxxx_ALT (found by Henrik) (#239) * Fix memory corruption in pkey programs (found by yankuncheng) (#210) + * Fix a possible arithmetic overflow in ssl_parse_server_key_exchange() + that could cause a key exchange to fail on valid data. Changes * The PEM parser now accepts a trailing space at end of lines (#226).