From: Matt Caswell Date: Tue, 20 Feb 2018 10:20:20 +0000 (+0000) Subject: Sanity check the ticket length before using key name/IV X-Git-Tag: OpenSSL_1_0_2o~33 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cb7503750efc02c64cdb7167dee692e47c44c6e9;p=openssl Sanity check the ticket length before using key name/IV This could in theory result in an overread - but due to the over allocation of the underlying buffer does not represent a security issue. Thanks to Fedor Indutny for reporting this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5417) --- diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 82ad601924..a186623505 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3505,6 +3505,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; + /* Need at least keyname + iv */ + if (eticklen < 16 + EVP_MAX_IV_LENGTH) + return 2; + /* Initialize session ticket encryption and HMAC contexts */ HMAC_CTX_init(&hctx); EVP_CIPHER_CTX_init(&ctx);
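Review bot: The new length check at the top of tls_decrypt_ticket() uses a bare 16 for the key name length and a bare return 2, so the reader has to infer the meaning of both from the one-line comment. Suggest taking the 16 from the key name field itself (a sizeof on the key name buffer, or a named constant) so the bound cannot drift from the field size, and extending the comment to say what a return of 2 tells the caller. The comment could also say that EVP_MAX_IV_LENGTH is the upper bound on IV length for any cipher, not the IV length of the ticket cipher in use, so this is a coarse early check and not the exact minimum ticket size. Placing it before HMAC_CTX_init() and EVP_CIPHER_CTX_init() is right, since the early return then has nothing to clean up.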