From a701d2f5e9de777e36388feb7e7ef906844957c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 16 Sep 2015 11:32:18 +0200 Subject: [PATCH] Fix bug in server parsing point formats extension There is only one length byte but for some reason we skipped two, resulting in reading one byte past the end of the extension. Fortunately, even if that extension is at the very end of the ClientHello, it can't be at the end of the buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the buffer has some more room after that for MAC and so on. So there is no buffer overread. Possible consequences are: - nothing, if the next byte is 0x00, which is a comment first byte for other extensions, which is why the bug remained unnoticed - using a point format that was not offered by the peer if next byte is 0x01. In that case the peer will reject our ServerKeyExchange message and the handshake will fail. - thinking that we don't have a common point format even if we do, which will cause us to immediately abort the handshake. None of these are a security issue. The same bug was fixed client-side in fd35af15 Backport of f7022d1 --- ChangeLog | 2 ++ library/ssl_srv.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 18486b382..0dbf4e5e8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,8 @@ Bugfix * Fix memory corruption on client with overlong PSK identity, around SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by Aleksandrs Saveljevs) (#238) + * Fix off-by-one error in parsing Supported Point Format extension that + caused some handshakes to fail. Changes * When verifying a certificate chain, if an intermediate certificate is diff --git a/library/ssl_srv.c b/library/ssl_srv.c index fc217549d..379a3abea 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -582,7 +582,7 @@ static int ssl_parse_supported_point_formats( ssl_context *ssl, return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - p = buf + 2; + p = buf + 1; while( list_size > 0 ) { if( p[0] == POLARSSL_ECP_PF_UNCOMPRESSED ||