tls-server: Fix invalid signature algorithm and supported groups parsing

author Pascal Knecht <pascal.knecht@hsr.ch>

Fri, 9 Oct 2020 17:14:11 +0000 (19:14 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
author Pascal Knecht <pascal.knecht@hsr.ch>
Fri, 9 Oct 2020 17:14:11 +0000 (19:14 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c

index 3d114d5..07a1ca3 100644 (file)
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -357,10 +357,28 @@ static status_t process_client_hello(private_tls_server_t *this,
                 switch (extension_type)
                 {
                         case TLS_EXT_SIGNATURE_ALGORITHMS:
+                               if (!extension->read_data16(extension, &extension_data))
+                               {
+                                       DBG1(DBG_TLS, "invalid %N extension",
+                                                tls_extension_names, extension_type);
+                                       this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
+                                       extensions->destroy(extensions);
+                                       extension->destroy(extension);
+                                       return NEED_MORE;
+                               }
                                 chunk_free(&this->hashsig);
                                 this->hashsig = chunk_clone(extension_data);
                                 break;
                         case TLS_EXT_SUPPORTED_GROUPS:
+                               if (!extension->read_data16(extension, &extension_data))
+                               {
+                                       DBG1(DBG_TLS, "invalid %N extension",
+                                                tls_extension_names, extension_type);
+                                       this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
+                                       extensions->destroy(extensions);
+                                       extension->destroy(extension);
+                                       return NEED_MORE;
+                               }
                                 chunk_free(&this->curves);
                                 this->curves_received = TRUE;
                                 this->curves = chunk_clone(extension_data);
@@ -370,8 +388,7 @@ static status_t process_client_hello(private_tls_server_t *this,
                                 {
                                         DBG1(DBG_TLS, "invalid %N extension",
                                                  tls_extension_names, extension_type);
-                                       this->alert->add(this->alert, TLS_FATAL,
-                                                                        TLS_DECODE_ERROR);
+                                       this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
                                         extensions->destroy(extensions);
                                         extension->destroy(extension);
                                         return NEED_MORE;
author	Pascal Knecht <pascal.knecht@hsr.ch>
	Fri, 9 Oct 2020 17:14:11 +0000 (19:14 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)