Return error in case of bad user configurations

This commits adds returns with the SSL_BAD_CONFIG error code
in case of bad user configurations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Hanno Becker 2017-04-12 14:54:42 +01:00 committed by Ronald Cron
parent b4c0b7556d
commit e131bfec29
2 changed files with 38 additions and 4 deletions

View file

@ -207,6 +207,12 @@
: ( MBEDTLS_SSL_IN_CONTENT_LEN ) \ : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
) )
/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
/* /*
* Check that we obey the standard's message size bounds * Check that we obey the standard's message size bounds
*/ */

View file

@ -230,6 +230,9 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, MBEDTLS_SSL_DEBUG_MSG( 3,
( "client hello, adding signature_algorithms extension" ) ); ( "client hello, adding signature_algorithms extension" ) );
if( ssl->conf->sig_hashes == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
{ {
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
@ -238,8 +241,18 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
sig_alg_len += 2; sig_alg_len += 2;
#endif #endif
if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 3,
( "length in bytes of sig-hash-alg extension too big" ) );
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
} }
/* Empty signature algorithms list, this is a configuration error. */
if( sig_alg_len == 0 )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 );
/* /*
@ -310,6 +323,9 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, MBEDTLS_SSL_DEBUG_MSG( 3,
( "client hello, adding supported_elliptic_curves extension" ) ); ( "client hello, adding supported_elliptic_curves extension" ) );
if( ssl->conf->curve_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( grp_id = ssl->conf->curve_list; for( grp_id = ssl->conf->curve_list;
*grp_id != MBEDTLS_ECP_DP_NONE; *grp_id != MBEDTLS_ECP_DP_NONE;
grp_id++ ) grp_id++ )
@ -319,13 +335,21 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, MBEDTLS_SSL_DEBUG_MSG( 1,
( "invalid curve in ssl configuration" ) ); ( "invalid curve in ssl configuration" ) );
return( 0 ); return( MBEDTLS_ERR_SSL_BAD_CONFIG );
} }
elliptic_curve_len += 2; elliptic_curve_len += 2;
if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 3,
( "malformed supported_elliptic_curves extension in config" ) );
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
} }
/* Empty elliptic curve list, this is a configuration error. */
if( elliptic_curve_len == 0 ) if( elliptic_curve_len == 0 )
return( 0 ); return( MBEDTLS_ERR_SSL_BAD_CONFIG );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len );
@ -695,7 +719,7 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1; alpnlen += strlen( *cur ) + 1;
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
@ -715,7 +739,11 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
{ {
*p = (unsigned char)( strlen( *cur ) & 0xFF ); /*
* mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
* protocol names is less than 255.
*/
*p = (unsigned char)strlen( *cur );
memcpy( p + 1, *cur, *p ); memcpy( p + 1, *cur, *p );
p += 1 + *p; p += 1 + *p;
} }