From 82429b37e9558e9cf672fe5446aa58d16af7d235 Mon Sep 17 00:00:00 2001
From: Leander Schwarz
Date: Mon, 16 Jan 2023 19:06:46 +0000
Subject: Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests Server-TooLongSessionID-TLS1*. r=djackson
Depends on D147675
Differential Revision: https://phabricator.services.mozilla.com/D147726
---
 lib/ssl/ssl3con.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 103e41581..8e418a458 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -8852,7 +8852,9 @@ ssl3_HandleClientHelloPreamble(sslSocket *ss, PRUint8 **b, PRUint32 *length, SEC
 /* Grab the client's SID, if present. */
 rv = ssl3_ConsumeHandshakeVariable(ss, sidBytes, 1, b, length);
- if (rv != SECSuccess) {
+ /* Check that the SID has the format: opaque legacy_session_id<0..32>, as
+ * specified in RFC8446, Section 4.1.2. */
+ if (rv != SECSuccess || sidBytes->len > SSL3_SESSIONID_BYTES) {
 return SECFailure; /* malformed */
 }
-- 
cgit v1.2.1
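Review bot: The new `sidBytes->len > SSL3_SESSIONID_BYTES` branch returns SECFailure after ssl3_ConsumeHandshakeVariable has already succeeded, so nothing visible in this hunk sets an error code or selects an alert for the oversized-SID case, whereas the parse-failure branch presumably gets both from the consume helper. ssl3_HandleClientHelloPreamble starts and ends outside the hunk and its caller is not shown, so this may already be handled there. If it is not, splitting the condition and adding `PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);` before the return would give the rejection a definite error code. The added comment cites only RFC8446, while the commit message's Server-TooLongSessionID-TLS1* tests suggest the bound applies to earlier versions as well; a line such as `/* The same 32-byte limit applies to the pre-TLS 1.3 session_id field. */` would make that explicit.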