fix ssl_next_proto_validate #506
Conversation
It seems like it's also no longer checking the size.

OpenSSL 1.0.2 doesn't allow zero-length protocol name, but current master does.

On Sat, Dec 12, 2015 at 08:22:15PM -0800, rhenium wrote:
I know, but 1.0.2 also checks the total size while master doesn't.

Seems like current master also checks it.

```c
PACKET pkt;
PACKET_buf_init(&pkt, "\002ab\003cd", 6);
if (ssl_next_proto_validate(&pkt)) {
    /* doesn't reach here */
}
```
Force-pushed acee7ea to 1750c17
The current code does correctly check the total length. Since the new (current)
[1] Line 2334 in bbe9769
[2] Line 2390 in bbe9769
Rebased and updated commit message.
@@ -2337,6 +2337,7 @@ static char ssl_next_proto_validate(PACKET *pkt) | |||
|
|||
while (PACKET_remaining(pkt)) { | |||
if (!PACKET_get_1(pkt, &len) | |||
|| !len |
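Review bot: the added `|| !len` term rejects an empty name, but the truncation check stays in the separate `PACKET_forward(pkt, len)` call that follows it, so the two conditions the draft requires (no empty string, no truncated name) are enforced in two places. Reading each entry with `PACKET_get_length_prefixed_1(pkt, &tmp_protocol)` and then requiring `PACKET_remaining(&tmp_protocol) != 0` covers both in one step: the length-prefixed read fails when the declared length exceeds the remaining bytes, and the remaining-bytes test rejects the empty name.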
We should in fact be using PACKET_get_length_prefixed_1 for reading length-prefixed packets. Then just check that the subpacket is not empty. Would you mind changing to that?
Thanks, I didn't know it. I'll update soon.
Force-pushed 1750c17 to 87e735e
if (!PACKET_get_1(pkt, &len) | ||
|| !PACKET_forward(pkt, len)) | ||
if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol) | ||
|| !PACKET_remaining(&tmp_protocol)) |
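Review bot: `!PACKET_remaining(&tmp_protocol)` negates a byte count rather than a boolean, so the condition reads as a logic test when it is really a size test; `PACKET_remaining(&tmp_protocol) == 0` states the intent directly. The replacement of `PACKET_get_1` plus `PACKET_forward` with the single `PACKET_get_length_prefixed_1` read keeps the bounds check, since the length-prefixed read fails when the declared length runs past the end of the packet.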
nit: could write `PACKET_remaining(&tmp_protocol) != 0`. (Not a boolean return.)
Otherwise +1.
Fixed and pushed.
Since 50932c4 "PACKETise ServerHello processing", ssl_next_proto_validate() incorrectly allows an empty protocol name. draft-agl-tls-nextprotoneg-04 [1] says "Implementations MUST ensure that the empty string is not included and that no byte strings are truncated." This patch restores the old correct behavior.

[1] https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
Force-pushed 87e735e to 5fd6db0
+1 from me.

So @kroeckx are you okay with this?

Ping.

+1

Merged. Thanks.
ssl_next_proto_validate is not validating the length of each advertised protocol name. This change was introduced by commit 50932c4.