ssl sigalg extension: fix NULL pointer dereference

Peter Kaestle · mattcaswell · commit fb9fa6b51def · 2021-03-25T09:43:33.000Z
As the variable peer_sigalgslen is not cleared on ssl rehandshake, it's possible to crash an openssl tls secured server remotely by sending a manipulated hello message in a rehandshake. On such a manipulated rehandshake, tls1_set_shared_sigalgs() calls tls12_shared_sigalgs() with the peer_sigalgslen of the previous handshake, while the peer_sigalgs has been freed. As a result tls12_shared_sigalgs() walks over the available peer_sigalgs and tries to access data of a NULL pointer. This issue was introduced by c589c34 (Add support for the TLS 1.3 signature_algorithms_cert extension, 2018-01-11). Signed-off-by: Peter Kästle <peter.kaestle@nokia.com> Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com> CVE-2021-3449 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
@@ -1139,6 +1139,7 @@ static int init_sig_algs(SSL *s, unsigned int context)
     /* Clear any signature algorithms extension received */
     OPENSSL_free(s->s3->tmp.peer_sigalgs);
     s->s3->tmp.peer_sigalgs = NULL;
+    s->s3->tmp.peer_sigalgslen = 0;
 
     return 1;
 }

Original file line number	Diff line number	Diff line change
`@@ -1139,6 +1139,7 @@ static int init_sig_algs(SSL *s, unsigned int context)`
`1139`	`1139`	`/* Clear any signature algorithms extension received */`
`1140`	`1140`	`OPENSSL_free(s->s3->tmp.peer_sigalgs);`
`1141`	`1141`	`s->s3->tmp.peer_sigalgs = NULL;`
	`1142`	`+ s->s3->tmp.peer_sigalgslen = 0;`
`1142`	`1143`
`1143`	`1144`	`return 1;`
`1144`	`1145`	`}`