diff options
Diffstat (limited to 'ssl/statem/statem_clnt.c')
-rw-r--r-- | ssl/statem/statem_clnt.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index ab77ba05e9..0b4931d6d0 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1373,7 +1373,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) context = SSL_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO : SSL_EXT_TLS1_2_SERVER_HELLO; - if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al, NULL)) + if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al, NULL, 1)) goto f_err; s->hit = 0; @@ -1525,7 +1525,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) } #endif - if (!tls_parse_all_extensions(s, context, extensions, NULL, 0, &al)) + if (!tls_parse_all_extensions(s, context, extensions, NULL, 0, &al, 1)) goto f_err; #ifndef OPENSSL_NO_SCTP @@ -1616,9 +1616,9 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt) } if (!tls_collect_extensions(s, &extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, - &extensions, &al, NULL) + &extensions, &al, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, - extensions, NULL, 0, &al)) + extensions, NULL, 0, &al, 1)) goto f_err; OPENSSL_free(extensions); @@ -1711,9 +1711,10 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) } if (!tls_collect_extensions(s, &extensions, SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, - &al, NULL) + &al, NULL, chainidx == 0) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE, - rawexts, x, chainidx, &al)) { + rawexts, x, chainidx, &al, + !PACKET_remaining(pkt))) { OPENSSL_free(rawexts); goto f_err; } @@ -2340,9 +2341,9 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) } if (!tls_collect_extensions(s, &extensions, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, - &rawexts, &al, NULL) + &rawexts, &al, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, - rawexts, NULL, 0, &al)) { + rawexts, NULL, 0, &al, 1)) { OPENSSL_free(rawexts); goto err; } @@ -2501,10 +2502,10 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) if (!PACKET_as_length_prefixed_2(pkt, &extpkt) || !tls_collect_extensions(s, &extpkt, SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - &exts, &al, NULL) + &exts, &al, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - exts, NULL, 0, &al)) { + exts, NULL, 0, &al, 1)) { SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_BAD_EXTENSION); goto f_err; } @@ -3464,9 +3465,9 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) if (!tls_collect_extensions(s, &extensions, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts, - &al, NULL) + &al, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - rawexts, NULL, 0, &al)) + rawexts, NULL, 0, &al, 1)) goto err; OPENSSL_free(rawexts); |