Ensure that a server hello does not have trailing data.

author jsing <jsing@openbsd.org>

Fri, 3 Sep 2021 13:18:17 +0000 (13:18 +0000)

committer jsing <jsing@openbsd.org>

Fri, 3 Sep 2021 13:18:17 +0000 (13:18 +0000)
author jsing <jsing@openbsd.org>
Fri, 3 Sep 2021 13:18:17 +0000 (13:18 +0000)
committer jsing <jsing@openbsd.org>
Fri, 3 Sep 2021 13:18:17 +0000 (13:18 +0000)
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c

index e27a073..ddab394 100644 (file)
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.110 2021/09/02 14:41:03 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.111 2021/09/03 13:18:17 jsing Exp $ */
  /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -1065,6 +1065,9 @@ ssl3_get_server_hello(SSL *s)
                 goto fatal_err;
         }
  
+       if (CBS_len(&cbs) != 0)
+               goto decode_err;
+
         /*
          * Determine if we need to see RI. Strictly speaking if we want to
          * avoid an attack we should *always* see RI even on initial server
author	jsing <jsing@openbsd.org>
	Fri, 3 Sep 2021 13:18:17 +0000 (13:18 +0000)
committer	jsing <jsing@openbsd.org>
	Fri, 3 Sep 2021 13:18:17 +0000 (13:18 +0000)