From: Matt Caswell
Date: Fri, 4 Nov 2016 09:49:16 +0000 (+0000)
Subject: Check key_exchange data length is not 0
X-Git-Tag: OpenSSL_1_1_1-pre1~3043
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=323f212aa792904b7312d22f6107e9546a41faa4;p=openssl
Check key_exchange data length is not 0
Reviewed-by: Rich Salz
---
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2dbaa9ffb4..6474c6dbc2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2754,7 +2754,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
 skey = ssl_generate_pkey(ckey);
- if (!PACKET_as_length_prefixed_2(&spkt, &encoded_pt)) {
+ if (!PACKET_as_length_prefixed_2(&spkt, &encoded_pt)
+ || PACKET_remaining(&encoded_pt) == 0) {
 *al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, SSL_R_LENGTH_MISMATCH);
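Review bot: `skey = ssl_generate_pkey(ckey);` still runs before the peer-supplied key_exchange data is validated, so a key object already exists when the length-prefix parse or the new `PACKET_remaining(&encoded_pt) == 0` test fails. The error branch continues past the end of the hunk, so whether it releases `skey` is not visible here; if it returns directly, each malformed ServerHello extension would leak one key. Moving the `skey = ssl_generate_pkey(ckey);` line below the end of this `if` block removes the question, and the result should then be tested with `if (skey == NULL)` before use, since no such check appears in the visible lines.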