root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Disallow zero length signature algorithms 

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
This commit is contained in:
Dr. Stephen Henson 2017-03-03 02:44:18 +00:00
parent 224b4e37c0
commit 8f12296e23
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ssl/statem/statem_srvr.c
View File

@ -2497,6 +2497,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
size_t nl = tls12_get_psigalgs(s, 1, &psigs); size_t nl = tls12_get_psigalgs(s, 1, &psigs);
if (!WPACKET_start_sub_packet_u16(pkt) if (!WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
|| !tls12_copy_sigalgs(s, pkt, psigs, nl) || !tls12_copy_sigalgs(s, pkt, psigs, nl)
|| !WPACKET_close(pkt)) { || !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,

2
ssl/t1_lib.c
View File

@ -1563,7 +1563,7 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt)
size = PACKET_remaining(pkt); size = PACKET_remaining(pkt);
/* Invalid data length */ /* Invalid data length */
if ((size & 1) != 0) if (size == 0 || (size & 1) != 0)
return 0; return 0;
size >>= 1; size >>= 1;