Ensure that the client specified EC curve list length is a multiple of two.

The EC curve handling code assumes this to be the case and will read one byte off the end of the curve list during processing, in the case where it is not. ok miod@
author: jsing <jsing@openbsd.org> 2014-12-06 13:28:56 +0000
committer: jsing <jsing@openbsd.org> 2014-12-06 13:28:56 +0000
commit: 86c91ae86b81a5aa1b430fca814b093470fdf1b7 (patch)
tree: 0e3dae2438765d2ccc132ec1bc898cc22ca7acbb /lib/libssl/t1_lib.c
parent: Fix two cases where it is possible to read one or two bytes past the end of (diff)
download: wireguard-openbsd-86c91ae86b81a5aa1b430fca814b093470fdf1b7.tar.xz
wireguard-openbsd-86c91ae86b81a5aa1b430fca814b093470fdf1b7.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 3412e70d307..5a6c0ddba0d 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.69 2014/12/06 13:21:14 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.70 2014/12/06 13:28:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1370,7 +1370,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 			ellipticcurvelist_length += (*(sdata++));
 
 			if (ellipticcurvelist_length != size - 2 ||
-			    ellipticcurvelist_length < 1) {
+			    ellipticcurvelist_length < 1 ||
+			    ellipticcurvelist_length % 2 != 0) {
 				*al = TLS1_AD_DECODE_ERROR;
 				return 0;
 			}
author	jsing <jsing@openbsd.org>	2014-12-06 13:28:56 +0000
committer	jsing <jsing@openbsd.org>	2014-12-06 13:28:56 +0000
commit	86c91ae86b81a5aa1b430fca814b093470fdf1b7 (patch)
tree	0e3dae2438765d2ccc132ec1bc898cc22ca7acbb /lib/libssl/t1_lib.c
parent	Fix two cases where it is possible to read one or two bytes past the end of (diff)
download	wireguard-openbsd-86c91ae86b81a5aa1b430fca814b093470fdf1b7.tar.xz wireguard-openbsd-86c91ae86b81a5aa1b430fca814b093470fdf1b7.zip