Fix memory leak with crafted ClientHello

Manuel Pégourié-Gonnard 2014-10-17 12:42:11 +02:00
parent 5d8618539f
commit 43c3b28ca6
2 changed files with 10 additions and 0 deletions


@ -7,6 +7,9 @@ Security
* Remotely-triggerable memory leak when parsing some X.509 certificates * Remotely-triggerable memory leak when parsing some X.509 certificates
(server is not affected if it doesn't ask for a client certificate). (server is not affected if it doesn't ask for a client certificate).
(Found using Codenomicon Defensics.) (Found using Codenomicon Defensics.)
* Remotely-triggerable memory leak when parsing crafted ClientHello
(not affected is ECC support was compiled out).
(Found using Codenomicon Defensics.)
Bugfix Bugfix
* Support escaping of commas in x509_string_to_names() * Support escaping of commas in x509_string_to_names()
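Review bot: The added ChangeLog entry has a typo in its second line: "(not affected is ECC support was compiled out)" should read "(not affected if ECC support was compiled out)". The entry would also be more useful to someone triaging exposure if it named the trigger that the code comment gives, a ClientHello that duplicates the supported elliptic curves extension, and said that only the server side parses this message.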


@ -528,6 +528,13 @@ static int ssl_parse_supported_elliptic_curves( ssl_context *ssl,
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
} }
/* Should never happen unless client duplicates the extension */
if( ssl->handshake->curves != NULL )
{
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
/* Don't allow our peer to make us allocate too much memory, /* Don't allow our peer to make us allocate too much memory,
* and leave room for a final 0 */ * and leave room for a final 0 */
our_size = list_size / 2 + 1; our_size = list_size / 2 + 1;
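Review bot: The new check on ssl->handshake->curves != NULL logs only the generic "bad client hello message", so a debug trace will not show that the handshake was rejected because the extension appeared twice; a message that names the duplicated extension would make this path distinguishable when diagnosing failed handshakes. The commit changes two files and neither is a test, so a regression case that sends a ClientHello carrying this extension twice and expects POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO would guard against the leak coming back. Placing the check ahead of the our_size computation is the right order, since the handshake is refused before anything new is assigned to the curves pointer.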