author | Dr. Stephen Henson <steve@openssl.org> | 2012-11-22 14:15:44 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-11-22 14:15:44 +0000 |
commit | e83aefb3a0c645c77849f889bc166935b2cc935c (patch) | |
tree | 5d23255b1ccf9be213d6027bba756905fbcf0e88 /ssl | |
parent | 1740c9fbfc6f94eb550fad1855466437120bd3ba (diff) | |
download | openssl-e83aefb3a0c645c77849f889bc166935b2cc935c.tar.gz |
reject zero length point format list or supported curves extensions
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_lib.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c53eadfe30..fd13a317c1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1853,7 +1853,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 unsigned char *sdata = data;
 int ecpointformatlist_length = *(sdata++);
- if (ecpointformatlist_length != size - 1)
+ if (ecpointformatlist_length != size - 1 ||
+ ecpointformatlist_length < 1)
 {
 *al = TLS1_AD_DECODE_ERROR;
 return 0;
@@ -1889,7 +1890,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 int ellipticcurvelist_length = (*(sdata++) << 8);
 ellipticcurvelist_length += (*(sdata++));
- if (ellipticcurvelist_length != size - 2)
+ if (ellipticcurvelist_length != size - 2 ||
+ ellipticcurvelist_length < 1)
 {
 *al = TLS1_AD_DECODE_ERROR;
 return 0; |
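Review bot: The length byte is consumed with `*(sdata++)` before anything in the hunk establishes that `size` is at least 1, so a zero-length point format extension still causes a one-byte read beyond the extension body before the new condition rejects it. Whether that byte is still inside the handshake buffer depends on bounds checks in the enclosing loop, which lies outside this hunk. Rejecting `size < 1` before dereferencing `sdata` would make the check independent of those outer bounds. The same ordering applies in the second hunk, where two bytes are read before `size - 2` is compared, so `size < 2` should be rejected first there.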
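Review bot: In the supported curves hunk, `ellipticcurvelist_length < 1` still accepts odd lengths such as 1 or 3, although each entry in that list is a two-byte NamedCurve, so an odd length cannot describe a well-formed list. How the list is consumed later is outside the hunk, but rejecting it at this point keeps downstream code from ever seeing a trailing half entry. Adding `|| (ellipticcurvelist_length & 1)` to the condition, with a short comment that each NamedCurve is 2 bytes, would cover it. The function body continues outside the hunk.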