Parse HelloVerifyRequest: avoid buffer overread at the start

In ssl_parse_hello_verify_request, we read 3 bytes (version and cookie length) without checking that there are that many bytes left in ssl->in_msg. This could potentially read from memory outside of the ssl->receive buffer (which would be a remotely exploitable crash).
2019-09-27 14:02:44 +02:00 · 2019-09-27 14:02:44 +02:00 · b64bf0638f
commit b64bf0638f
parent b51130dd5c
1 changed files with 13 additions and 0 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1577,6 +1577,19 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )

    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );

+    /* Check that there is enough room for:
+     * - 2 bytes of version
+     * - 1 byte of cookie_len
+     */
+    if( mbedtls_ssl_hs_hdr_len( ssl ) + 3 > ssl->in_msglen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1,
+            ( "incoming HelloVerifyRequest message is too short" ) );
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                    MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
    /*
     * struct {
     *   ProtocolVersion server_version;