diff options
author | Leander Schwarz <lschwarz@mozilla.com> | 2023-01-16 19:06:46 +0000 |
---|---|---|
committer | Leander Schwarz <lschwarz@mozilla.com> | 2023-01-16 19:06:46 +0000 |
commit | 82429b37e9558e9cf672fe5446aa58d16af7d235 (patch) | |
tree | 5785ef6285a75217f6dbe3e69ffd14ee42fcf121 | |
parent | f1d7967e22830a08584bc88133932bef98ff622f (diff) | |
download | nss-hg-82429b37e9558e9cf672fe5446aa58d16af7d235.tar.gz |
Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests Server-TooLongSessionID-TLS1*. r=djacksonNSS_3_88_BETA1
Depends on D147675
Differential Revision: https://phabricator.services.mozilla.com/D147726
-rw-r--r-- | gtests/nss_bogo_shim/config.json | 1 | ||||
-rw-r--r-- | lib/ssl/ssl3con.c | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/gtests/nss_bogo_shim/config.json b/gtests/nss_bogo_shim/config.json index 24aad553b..f7ea06726 100644 --- a/gtests/nss_bogo_shim/config.json +++ b/gtests/nss_bogo_shim/config.json @@ -38,7 +38,6 @@ "TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"NSS Server side bug. Don't send ticket when not permitted by KE modes (Bug 1317635)", "Resume-Server-OmitPSKsOnSecondClientHello":"NSS Server side bug. It does not detect ClientHello dropping of PSK extension (after HRR).", "Renegotiate-Client-Forbidden-1":"By default NSS allows renegotiation with extension contrary to bogo.", - "Server-TooLongSessionID*":"NSS does not check the length of the ClientHello sessionID.", "TrailingData*":"NSS does only check for trailing data on possible key change handshake messages in TLS 1.3", "Partial*":"See TrailingData* description.", "QUIC-ECH*":"NSS does not support QUIC.", diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 103e41581..8e418a458 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -8852,7 +8852,9 @@ ssl3_HandleClientHelloPreamble(sslSocket *ss, PRUint8 **b, PRUint32 *length, SEC /* Grab the client's SID, if present. */ rv = ssl3_ConsumeHandshakeVariable(ss, sidBytes, 1, b, length); - if (rv != SECSuccess) { + /* Check that the SID has the format: opaque legacy_session_id<0..32>, as + * specified in RFC8446, Section 4.1.2. */ + if (rv != SECSuccess || sidBytes->len > SSL3_SESSIONID_BYTES) { return SECFailure; /* malformed */ } |