tls-server: Fix invalid signature algorithm and supported groups parsing

The extension's content length field was wrongly added to the content data.

Fixes: 06109c4717 ("Implemented "signature algorithm" hello extension")
Pascal Knecht 2020-10-09 19:14:11 +02:00 committed by Tobias Brunner
parent 3767a4a655
commit 0dfe1590b6


@ -357,10 +357,28 @@ static status_t process_client_hello(private_tls_server_t *this,
switch (extension_type)
{
case TLS_EXT_SIGNATURE_ALGORITHMS:
if (!extension->read_data16(extension, &extension_data))
{
DBG1(DBG_TLS, "invalid %N extension",
tls_extension_names, extension_type);
this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
extensions->destroy(extensions);
extension->destroy(extension);
return NEED_MORE;
}
chunk_free(&this->hashsig);
this->hashsig = chunk_clone(extension_data);
break;
case TLS_EXT_SUPPORTED_GROUPS:
if (!extension->read_data16(extension, &extension_data))
{
DBG1(DBG_TLS, "invalid %N extension",
tls_extension_names, extension_type);
this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
extensions->destroy(extensions);
extension->destroy(extension);
return NEED_MORE;
}
chunk_free(&this->curves);
this->curves_received = TRUE;
this->curves = chunk_clone(extension_data);
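Review bot: In the new TLS_EXT_SIGNATURE_ALGORITHMS case the inner vector is read with read_data16(), but nothing checks that it consumed the whole extension or that its length is sensible, so an extension with trailing bytes or an empty or odd-length list is still cloned into this->hashsig. Both lists are sequences of two-byte entries, so the guard could be tightened to `if (!extension->read_data16(extension, &extension_data) || extension->remaining(extension) || !extension_data.len || extension_data.len % 2)`, and the same applies to the TLS_EXT_SUPPORTED_GROUPS case below it. Whether the later consumers of hashsig and curves tolerate an odd length is not visible here, because process_client_hello starts and ends outside the hunk. The decode-error block is now repeated verbatim for each case; a shared `goto` label or a small helper would keep the alert and the cleanup in one place.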
@ -370,8 +388,7 @@ static status_t process_client_hello(private_tls_server_t *this,
{
DBG1(DBG_TLS, "invalid %N extension",
tls_extension_names, extension_type);
this->alert->add(this->alert, TLS_FATAL,
TLS_DECODE_ERROR);
this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
extensions->destroy(extensions);
extension->destroy(extension);
return NEED_MORE;