From 36f70bb40960c0c9c59b3be1bf5c4527b82d5055 Mon Sep 17 00:00:00 2001
From: tb
Date: Wed, 20 Jul 2022 13:35:05 +0000
Subject: [PATCH] Factor out ALPN extension format check

The ALPN extension must contain a non-empty list of protocol names. Split a check of this out of tlsext_alpn_server_parse() so that it can be reused elsewhere in the library.

ok jsing
---
 lib/libssl/ssl_tlsext.c | 38 +++++++++++++++++++++++++-------------
 lib/libssl/ssl_tlsext.h | 3 ++-
 2 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 6063991306f..781d40d03a8 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.121 2022/07/17 14:54:10 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.122 2022/07/20 13:35:05 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -62,30 +62,42 @@ tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 return 1;
 }

+int
+tlsext_alpn_check_format(CBS *cbs)
+{
+ CBS proto_name_list;
+
+ if (CBS_len(cbs) == 0)
+ return 0;
+
+ CBS_dup(cbs, &proto_name_list);
+ while (CBS_len(&proto_name_list) > 0) {
+ CBS proto_name;
+
+ if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name))
+ return 0;
+ if (CBS_len(&proto_name) == 0)
+ return 0;
+ }
+
+ return 1;
+}
+
 int
 tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
 {
- CBS proto_name_list, alpn;
+ CBS alpn;
 const unsigned char *selected;
 unsigned char selected_len;
 int r;

 if (!CBS_get_u16_length_prefixed(cbs, &alpn))
 goto err;
- if (CBS_len(&alpn) < 2)
- goto err;
 if (CBS_len(cbs) != 0)
 goto err;

- CBS_dup(&alpn, &proto_name_list);
- while (CBS_len(&proto_name_list) > 0) {
- CBS proto_name;
-
- if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name))
- goto err;
- if (CBS_len(&proto_name) == 0)
- goto err;
- }
+ if (!tlsext_alpn_check_format(&alpn))
+ goto err;

 if (s->ctx->internal->alpn_select_cb == NULL)
 return 1;
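Review bot: tlsext_alpn_check_format is being exported so other parts of the library can call it, but nothing states its contract: `cbs` must already be the unwrapped ProtocolNameList (the outer u16 length is still consumed by the caller, as tlsext_alpn_server_parse does before calling it), it returns 1 only for a non-empty list in which every u8-length-prefixed name is non-empty, and the input is not advanced because the walk runs on a CBS_dup copy. A short comment above the definition such as `/* Check that cbs holds a non-empty list of non-empty, u8-length-prefixed protocol names (RFC 7301). cbs is not consumed. */` would let the next caller use it correctly. Since the function only passes cbs to CBS_len and CBS_dup, the parameter could be declared `const CBS *cbs` — provided those take a const CBS * in this tree's bytestring.h — which would also document the no-consumption property in the prototype added to ssl_tlsext.h. Dropping the old `CBS_len(&alpn) < 2` check is not a regression: a one-byte list either fails CBS_get_u8_length_prefixed or yields an empty name, so the loop still rejects it. tlsext_alpn_server_parse continues past the end of the hunk.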
diff --git a/lib/libssl/ssl_tlsext.h b/lib/libssl/ssl_tlsext.h
index 268b2749483..393ee5d90df 100644
--- a/lib/libssl/ssl_tlsext.h
+++ b/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.30 2022/06/29 17:39:20 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.31 2022/07/20 13:35:05 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -31,6 +31,7 @@ __BEGIN_HIDDEN_DECLS
+int tlsext_alpn_check_format(CBS *cbs);
 int tlsext_alpn_client_needs(SSL *s, uint16_t msg_type);
 int tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
 int tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
--
2.20.1