Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests Server-TooLongSessionID-TLS1*. r=djacksonNSS_3_88_BETA1

Depends on D147675

Differential Revision: https://phabricator.services.mozilla.com/D147726

2 files changed, 3 insertions, 2 deletions

diff --git a/gtests/nss_bogo_shim/config.json b/gtests/nss_bogo_shim/config.json
index 24aad553b..f7ea06726 100644
--- a/gtests/nss_bogo_shim/config.json
+++ b/gtests/nss_bogo_shim/config.json
@@ -38,7 +38,6 @@
         "TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"NSS Server side bug. Don't send ticket when not permitted by KE modes (Bug 1317635)",
         "Resume-Server-OmitPSKsOnSecondClientHello":"NSS Server side bug. It does not detect ClientHello dropping of PSK extension (after HRR).",
         "Renegotiate-Client-Forbidden-1":"By default NSS allows renegotiation with extension contrary to bogo.",
-        "Server-TooLongSessionID*":"NSS does not check the length of the ClientHello sessionID.",
         "TrailingData*":"NSS does only check for trailing data on possible key change handshake messages in TLS 1.3",
         "Partial*":"See TrailingData* description.",
         "QUIC-ECH*":"NSS does not support QUIC.",
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 103e41581..8e418a458 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -8852,7 +8852,9 @@ ssl3_HandleClientHelloPreamble(sslSocket *ss, PRUint8 **b, PRUint32 *length, SEC
 
     /* Grab the client's SID, if present. */
     rv = ssl3_ConsumeHandshakeVariable(ss, sidBytes, 1, b, length);
-    if (rv != SECSuccess) {
+    /* Check that the SID has the format: opaque legacy_session_id<0..32>, as
+     * specified in RFC8446, Section 4.1.2. */
+    if (rv != SECSuccess || sidBytes->len > SSL3_SESSIONID_BYTES) {
         return SECFailure; /* malformed */
     }