Fix bug with extension-less ServerHello

https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug

in_hslen include the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.)
This commit is contained in:
Manuel Pégourié-Gonnard 2015-07-23 12:14:13 +02:00
parent cb0d212c97
commit a6e5bd5654
2 changed files with 4 additions and 2 deletions

View file

@ -6,6 +6,8 @@ Bugfix
* Fix segfault in the benchmark program when benchmarking DHM. * Fix segfault in the benchmark program when benchmarking DHM.
* Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo * Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo
Leisink). Leisink).
* Fix bug when parsing a ServerHello without extensions (found by David
Sears).
= mbed TLS 2.0.0 released 2015-07-13 = mbed TLS 2.0.0 released 2015-07-13

View file

@ -1269,7 +1269,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} }
if( ssl->in_hslen > 39 + n ) if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n )
{ {
ext_len = ( ( buf[38 + n] << 8 ) ext_len = ( ( buf[38 + n] << 8 )
| ( buf[39 + n] ) ); | ( buf[39 + n] ) );
@ -1281,7 +1281,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} }
} }
else if( ssl->in_hslen == 38 + n ) else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n )
{ {
ext_len = 0; ext_len = 0;
} }