From 731f431497f463f3a2a97236fe0187b11c44aead Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 6 Apr 2014 00:51:06 +0100 Subject: Add heartbeat extension bounds check. A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix (CVE-2014-0160) (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3) --- ssl/t1_lib.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'ssl/t1_lib.c') diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a2e2475d13..bcb99b819d 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3969,16 +3969,20 @@ tls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; -- cgit v1.2.3