Hi,

It seems that I've found two small bugs in OpenSSL (at least 0.9.6c
and the latest snapshot).

In ssl/s3_srvr.c function ssl3_get_client_hello, after the
last field (compression) has been parsed, there's a test:

  /* TLS does not mind if there is extra stuff */
  if (s->version == SSL3_VERSION)
  {
    if (p > (d+n))
    {
      /* wrong number of bytes,
       * there could be more to follow */
      al=SSL_AD_DECODE_ERROR;
      SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
      goto f_err;
    }
  }

Here "d" points to the start of the message, "p" to the
current location, and "n" is the length of the frame.

There are actually two bugs: First, the test should of
course be "p < (d+n)".

Second, if "p > (d+n)" then we have read past the end of the packet
anyway so it is an error no matter which protocol version we have.
It seems that the memory buffer allocated is always large enough,
so this does not crash OpenSSL or anything like that, but it
causes OpenSSL to accept invalid hello packets.

Best regards,

Pasi

-- 
Pasi Eronen                         E-mail [EMAIL PROTECTED]
Nixu Oy                             Tel +358 50 5123499
Mäkelänkatu 91, 00610 Helsinki      Fax +358 9 4781030
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
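An added example, not part of Pasi's message and not OpenSSL's own code: a toy walk over the ClientHello body (version, random, session_id, cipher_suites, compression_methods) followed by the end-of-message test as posted beside the corrected one. The parser trusts the embedded length fields exactly as the report describes, so the cursor can land past the end of the record; the sample messages are constructed inline. The names walk_client_hello, check_end_buggy, check_end_fixed, build_hello and run_case are my own, and the SSL3_VERSION/TLS1_VERSION constants are the usual 0x0300/0x0301 wire values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSL3_VERSION 0x0300
#define TLS1_VERSION 0x0301

/* Outcome of the end-of-message test. */
enum hello_result { HELLO_OK = 0, HELLO_LENGTH_MISMATCH = 1, HELLO_TRUNCATED = 2 };

/* Walk the ClientHello body trusting its length fields, like the parser in
 * the report, and return the offset where parsing stops. The returned offset
 * may exceed n; to keep this demo memory-safe, a length byte that would lie
 * outside the buffer stops the walk and reports n + 1 ("past the end"). */
static size_t walk_client_hello(const unsigned char *d, size_t n, int *version)
{
    size_t p = 0;
    if (p + 34 > n) return n + 1;          /* client_version (2) + random (32) */
    *version = (d[0] << 8) | d[1];
    p += 34;
    if (p + 1 > n) return n + 1;
    p += 1 + d[p];                         /* session_id: 1-byte length + data */
    if (p + 2 > n) return n + 1;
    p += 2 + (size_t)((d[p] << 8) | d[p + 1]);  /* cipher_suites: 2-byte length + data */
    if (p + 1 > n) return n + 1;
    p += 1 + d[p];                         /* compression_methods: 1-byte length + data */
    return p;
}

/* The test as it appears in the report: inverted comparison, SSLv3 only. */
static enum hello_result check_end_buggy(size_t p, size_t n, int version)
{
    if (version == SSL3_VERSION && p > n)
        return HELLO_LENGTH_MISMATCH;
    return HELLO_OK;
}

/* Corrected test: a cursor past the end of the record is an error for every
 * version; leftover bytes are a length mismatch for SSLv3 only. */
static enum hello_result check_end_fixed(size_t p, size_t n, int version)
{
    if (p > n)
        return HELLO_TRUNCATED;
    if (version == SSL3_VERSION && p < n)
        return HELLO_LENGTH_MISMATCH;
    return HELLO_OK;
}

/* Constructed sample: a minimal ClientHello body with one cipher suite and the
 * null compression method. cipher_len is the *claimed* cipher list length (2 is
 * honest); trailing appends junk after the last field. out needs >= 41 + trailing bytes. */
static size_t build_hello(unsigned char *out, int version, unsigned cipher_len, size_t trailing)
{
    size_t p = 0;
    out[p++] = (unsigned char)(version >> 8);
    out[p++] = (unsigned char)(version & 0xff);
    memset(out + p, 0x42, 32); p += 32;    /* random */
    out[p++] = 0;                          /* empty session_id */
    out[p++] = (unsigned char)(cipher_len >> 8);
    out[p++] = (unsigned char)(cipher_len & 0xff);
    out[p++] = 0x00; out[p++] = 0x0a;      /* the one suite actually present */
    out[p++] = 1;                          /* one compression method */
    out[p++] = 0;                          /* null compression */
    memset(out + p, 0xff, trailing); p += trailing;
    return p;
}

/* Build one sample and run either the buggy (fixed == 0) or corrected check on it. */
static enum hello_result run_case(int version, unsigned cipher_len, size_t trailing, int fixed)
{
    unsigned char buf[128];
    int v = 0;
    size_t n = build_hello(buf, version, cipher_len, trailing);
    size_t p = walk_client_hello(buf, n, &v);
    return fixed ? check_end_fixed(p, n, v) : check_end_buggy(p, n, v);
}

static const char *name(enum hello_result r)
{
    return r == HELLO_OK ? "accepted" : r == HELLO_LENGTH_MISMATCH ? "length mismatch" : "truncated";
}

int main(void)
{
    struct { const char *label; int version; unsigned cipher_len; size_t trailing; } cases[] = {
        { "SSLv3, exact length",            SSL3_VERSION, 2,   0 },
        { "SSLv3, 3 trailing bytes",        SSL3_VERSION, 2,   3 },
        { "TLS1, 3 trailing bytes",         TLS1_VERSION, 2,   3 },
        { "SSLv3, cipher list past end",    SSL3_VERSION, 200, 0 },
        { "TLS1, cipher list past end",     TLS1_VERSION, 200, 0 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-30s buggy: %-16s fixed: %s\n", cases[i].label,
               name(run_case(cases[i].version, cases[i].cipher_len, cases[i].trailing, 0)),
               name(run_case(cases[i].version, cases[i].cipher_len, cases[i].trailing, 1)));
    return 0;
}
```

The two rows to look at are "SSLv3, 3 trailing bytes", which the posted test accepts because its comparison is inverted, and "TLS1, cipher list past end", which the posted test never examines because it is gated on the version; the corrected check rejects both and still leaves TLS free to ignore trailing data.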
