aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/t1_lib.c
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2014-04-06 00:51:06 +0100
committerDr. Stephen Henson <steve@openssl.org>2014-04-07 19:44:38 +0100
commit731f431497f463f3a2a97236fe0187b11c44aead (patch)
tree1740eb9099bdb2e120c6d9fbfd10572d58a6f436 /ssl/t1_lib.c
parent4e6c12f3088d3ee5747ec9e16d03fc671b8f40be (diff)
downloadopenssl-731f431497f463f3a2a97236fe0187b11c44aead.tar.gz
Add heartbeat extension bounds check.
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160) (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a2e2475d13..bcb99b819d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3969,16 +3969,20 @@ tls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-13 06:29:32 +0000