isaacpittman-hitachi / rpms / openssl

Forked from rpms/openssl 2 years ago
Clone
Blob Blame History Raw
diff -up openssl-1.0.1e/ssl/ssl_sess.c.pointer-arithmetic openssl-1.0.1e/ssl/ssl_sess.c
diff -up openssl-1.0.1e/ssl/s3_srvr.c.pointer-arithmetic openssl-1.0.1e/ssl/s3_srvr.c
--- openssl-1.0.1e/ssl/s3_srvr.c.pointer-aritmetic	2016-09-20 15:00:06.348015761 +0200
+++ openssl-1.0.1e/ssl/s3_srvr.c	2016-09-20 15:14:11.630423575 +0200
@@ -973,6 +973,13 @@ int ssl3_get_client_hello(SSL *s)
 		unsigned int session_length, cookie_length;
 		
 		session_length = *(p + SSL3_RANDOM_SIZE);
+
+		if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p)
+			{
+			al = SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
 		cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
 
 		if (cookie_length == 0)
@@ -986,6 +993,13 @@ int ssl3_get_client_hello(SSL *s)
 	/* get the session-id */
 	j= *(p++);
 
+	if ((d + n) - p < j)
+		{
+		al = SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+		goto f_err;
+		}
+
 	s->hit=0;
 	/* Versions before 0.9.7 always allow clients to resume sessions in renegotiation.
 	 * 0.9.7 and later allow this by default, but optionally ignore resumption requests
@@ -1024,8 +1038,21 @@ int ssl3_get_client_hello(SSL *s)
 	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
 		{
 		/* cookie stuff */
+		if ((d + n) - p < 1)
+			{
+			al = SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
 		cookie_len = *(p++);
 
+		if ((d + n ) - p < cookie_len)
+			{
+			al = SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+
 		/* 
 		 * The ClientHello may contain a cookie even if the
 		 * HelloVerify message has not been sent--make sure that it
@@ -1072,6 +1099,12 @@ int ssl3_get_client_hello(SSL *s)
 		p += cookie_len;
 		}
 
+		if ((d + n ) - p < 2)
+			{
+			al = SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
 	n2s(p,i);
 	if ((i == 0) && (j != 0))
 		{
@@ -1080,7 +1113,9 @@ int ssl3_get_client_hello(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
 		goto f_err;
 		}
-	if ((p+i) >= (d+n))
+
+	/* i bytes of cipher data + 1 byte for compression length later */
+	if ((d + n) - p < i + 1)
 		{
 		/* not enough data */
 		al=SSL_AD_DECODE_ERROR;
@@ -1147,7 +1182,7 @@ int ssl3_get_client_hello(SSL *s)
 
 	/* compression */
 	i= *(p++);
-	if ((p+i) > (d+n))
+	if ((d + n) - p < i)
 		{
 		/* not enough data */
 		al=SSL_AD_DECODE_ERROR;
diff -up openssl-1.0.1e/ssl/t1_lib.c.pointer-arithmetic openssl-1.0.1e/ssl/t1_lib.c
--- openssl-1.0.1e/ssl/t1_lib.c.pointer-aritmetic	2016-09-20 15:00:06.351015830 +0200
+++ openssl-1.0.1e/ssl/t1_lib.c	2016-09-20 15:37:34.660870014 +0200
@@ -923,19 +923,19 @@ int ssl_parse_clienthello_tlsext(SSL *s,
 	                       SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
 #endif
 
-	if (data >= (d+n-2))
+	if ((d + n) - data < 2)
 		goto ri_check;
 	n2s(data,len);
 
-	if (data > (d+n-len)) 
+	if ((d + n) - data < len) 
 		goto ri_check;
 
-	while (data <= (d+n-4))
+	while ((d + n) - data >= 4)
 		{
 		n2s(data,type);
 		n2s(data,size);
 
-		if (data+size > (d+n))
+		if ((d + n) - data < size)
 	   		goto ri_check;
 #if 0
 		fprintf(stderr,"Received extension type %d size %d\n",type,size);
@@ -1437,22 +1437,22 @@ int ssl_parse_serverhello_tlsext(SSL *s,
 	                       SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
 #endif
 
-	if (data >= (d+n-2))
+	if ((d + n) - data <= 2)
 		goto ri_check;
 
 	n2s(data,length);
-	if (data+length != d+n)
+	if ((d + n) - data != length)
 		{
 		*al = SSL_AD_DECODE_ERROR;
 		return 0;
 		}
 
-	while(data <= (d+n-4))
+	while ((d + n) - data >= 4)
 		{
 		n2s(data,type);
 		n2s(data,size);
 
-		if (data+size > (d+n))
+		if ((d + n) - data < size)
 	   		goto ri_check;
 
 		if (s->tlsext_debug_cb)
@@ -2139,30 +2139,30 @@ int tls1_process_ticket(SSL *s, unsigned
 	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
 		{
 		i = *(p++);
-		p+= i;
-		if (p >= limit)
+		if (limit - p <= i)
 			return -1;
+		p += i;
 		}
 	/* Skip past cipher list */
 	n2s(p, i);
-	p+= i;
-	if (p >= limit)
+	if (limit - p <= i)
 		return -1;
+	p += i;
 	/* Skip past compression algorithm list */
 	i = *(p++);
-	p += i;
-	if (p > limit)
+	if (limit - p  < i)
 		return -1;
+	p += i;
 	/* Now at start of extensions */
-	if ((p + 2) >= limit)
+	if (limit - p <= 2)
 		return 0;
 	n2s(p, i);
-	while ((p + 4) <= limit)
+	while (limit - p >= 4)
 		{
 		unsigned short type, size;
 		n2s(p, type);
 		n2s(p, size);
-		if (p + size > limit)
+		if (limit - p < size)
 			return 0;
 		if (type == TLSEXT_TYPE_session_ticket)
 			{