From 2daeb91f074ac9f9bb87cdb2a844cc04a7b1dd2b Mon Sep 17 00:00:00 2001 From: jsing Date: Sat, 20 Feb 2021 08:19:01 +0000 Subject: [PATCH] Group HelloVerifyRequest decoding and add missing check for trailing data. ok tb@ --- lib/libssl/ssl_clnt.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 0c7bdbc7762..680cafa8e56 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.78 2021/02/07 15:26:32 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.79 2021/02/20 08:19:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -812,6 +812,10 @@ ssl3_get_dtls_hello_verify(SSL *s) if (!CBS_get_u16(&hello_verify_request, &ssl_version)) goto truncated; + if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) + goto truncated; + if (CBS_len(&hello_verify_request) != 0) + goto truncated; if (ssl_version != s->version) { SSLerror(s, SSL_R_WRONG_SSL_VERSION); @@ -820,9 +824,6 @@ ssl3_get_dtls_hello_verify(SSL *s) goto f_err; } - if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) - goto truncated; - if (!CBS_write_bytes(&cookie, D1I(s)->cookie, sizeof(D1I(s)->cookie), &cookie_len)) { D1I(s)->cookie_len = 0; -- 2.20.1