author | 2021-02-20 08:19:01 +0000 | |
---|---|---|
committer | 2021-02-20 08:19:01 +0000 | |
commit | 2daeb91f074ac9f9bb87cdb2a844cc04a7b1dd2b (patch) | |
tree | 3cc2034ba4fab9a728165458cb788a14a6e73cce /lib/libssl/ssl_clnt.c | |
parent | Add various public DTLS related defines. (diff) | |
Group HelloVerifyRequest decoding and add missing check for trailing data.
ok tb@
Diffstat (limited to 'lib/libssl/ssl_clnt.c')
-rw-r--r-- | lib/libssl/ssl_clnt.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 0c7bdbc7762..680cafa8e56 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.78 2021/02/07 15:26:32 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.79 2021/02/20 08:19:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -812,6 +812,10 @@ ssl3_get_dtls_hello_verify(SSL *s)
 if (!CBS_get_u16(&hello_verify_request, &ssl_version))
 goto truncated;
+ if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
+ goto truncated;
+ if (CBS_len(&hello_verify_request) != 0)
+ goto truncated;
 if (ssl_version != s->version) {
 SSLerror(s, SSL_R_WRONG_SSL_VERSION);
@@ -820,9 +824,6 @@ ssl3_get_dtls_hello_verify(SSL *s)
 goto f_err;
 }
- if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
- goto truncated;
-
 if (!CBS_write_bytes(&cookie, D1I(s)->cookie, sizeof(D1I(s)->cookie), &cookie_len)) {
 D1I(s)->cookie_len = 0; |
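Review bot: The new `CBS_len(&hello_verify_request) != 0` check in the second hunk sends trailing bytes to the `truncated` label, so an over-long HelloVerifyRequest is presumably reported with the same error as a short one; the label lies outside the hunk, so what it raises cannot be confirmed from here. A one-line comment above the grouped reads would make the intent explicit, for example `/* HelloVerifyRequest is a version plus a u8-length-prefixed cookie; reject anything after it. */`. Decoding the whole message before the `ssl_version != s->version` comparison also means a malformed cookie now fails before a version mismatch is reported, which looks intended but is worth stating in the commit message. The cookie length is still bounded afterwards by `CBS_write_bytes()` against `sizeof(D1I(s)->cookie)`, visible as context in the third hunk; the body of `ssl3_get_dtls_hello_verify` starts and ends outside these hunks.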