From c6b5d833ec650dea86e471df2c470829c71c8b5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Aug 2015 16:37:35 +0200 Subject: [PATCH] Fix handling of long PSK identities fixes #238 --- ChangeLog | 3 +++ library/ssl_cli.c | 22 ++++++++++++++++++++++ library/ssl_tls.c | 7 +++++++ 3 files changed, 32 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8677ad9d5..a4772e011 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,9 @@ Bugfix result trying to unlock an unlocked mutex on invalid input (found by Fredrik Axelsson) (#257) * Fix -Wshadow warnings (found by hnrkp) (#240) + * Fix memory corruption on client with overlong PSK identity, around + SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by + Aleksandrs Saveljevs) (#238) Changes * The PEM parser now accepts a trailing space at end of lines (#226). diff --git a/library/ssl_cli.c b/library/ssl_cli.c index c6f810cd7..75983d19e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1748,6 +1748,12 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2; unsigned char *p = ssl->handshake->premaster + pms_offset; + if( offset + len_bytes > MBEDTLS_SSL_MAX_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + /* * Generate (part of) the pre-master as * struct { @@ -2522,6 +2528,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) i = 4; n = ssl->conf->psk_identity_len; + + if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " + "SSL buffer too short" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + ssl->out_msg[i++] = (unsigned char)( n >> 8 ); ssl->out_msg[i++] = (unsigned char)( n ); @@ -2550,6 +2564,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) * ClientDiffieHellmanPublic public (DHM send G^X mod P) */ n = ssl->handshake->dhm_ctx.len; + + if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" + " or SSL buffer too short" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + ssl->out_msg[i++] = (unsigned char)( n >> 8 ); ssl->out_msg[i++] = (unsigned char)( n ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 80dbe8a7d..793d2415e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5457,6 +5457,13 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, if( psk_len > MBEDTLS_PSK_MAX_LEN ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + /* Identity len will be encoded on two bytes */ + if( ( psk_identity_len >> 16 ) != 0 || + psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN ) + { + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + if( conf->psk != NULL || conf->psk_identity != NULL ) { mbedtls_free( conf->psk );