From: Dr. Stephen Henson <steve@openssl.org>
Date: Thu, 22 Nov 2012 14:15:36 +0000 (+0000)
Subject: reject zero length point format list or supported curves extensions
X-Git-Tag: OpenSSL_1_0_2-beta1~557
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7469af44845c8ac283be2c1c2fa05ee1937dd7a0;p=openssl

reject zero length point format list or supported curves extensions
---

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a438321a41..9b9fb356f8 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1498,7 +1498,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 			int ellipticcurvelist_length = (*(sdata++) << 8);
 			ellipticcurvelist_length += (*(sdata++));
 
-			if (ellipticcurvelist_length != size - 2)
+			if (ellipticcurvelist_length != size - 2 ||
+				ellipticcurvelist_length < 1)
 				{
 				*al = TLS1_AD_DECODE_ERROR;
 				return 0;
@@ -1931,7 +1932,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
 			unsigned char *sdata = data;
 			int ecpointformatlist_length = *(sdata++);
 
-			if (ecpointformatlist_length != size - 1)
+			if (ecpointformatlist_length != size - 1 || 
+				ecpointformatlist_length < 1)
 				{
 				*al = TLS1_AD_DECODE_ERROR;
 				return 0;