From 8f12296e2356a0daf751cbc00aed14d4c31a2476 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Fri, 3 Mar 2017 02:44:18 +0000
Subject: [PATCH] Disallow zero length signature algorithms

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2840)
---
 ssl/statem/statem_srvr.c | 1 +
 ssl/t1_lib.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 7414c19ddb..6c007a1302 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2497,6 +2497,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
 size_t nl = tls12_get_psigalgs(s, 1, &psigs);

 if (!WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
 || !tls12_copy_sigalgs(s, pkt, psigs, nl)
 || !WPACKET_close(pkt)) {
 SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 87ef620e1b..93a8cfeaf2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1563,7 +1563,7 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt)
 size = PACKET_remaining(pkt);

 /* Invalid data length */
- if ((size & 1) != 0)
+ if (size == 0 || (size & 1) != 0)
 return 0;

 size >>= 1;
-- 
2.40.0
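Review bot: The added `WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)` condition in tls_construct_certificate_request carries no comment, so a reader cannot tell that its purpose is to make the sub-packet fail rather than emit an empty signature algorithm list. I would add `/* An empty signature algorithm list must never be sent: fail the sub-packet instead */` above the `if`. An empty list now falls into the same SSLerr branch as a genuine packet-construction failure; the reason code and the rest of that branch lie outside the hunk, so it is worth confirming that an operator whose configuration leaves no usable algorithm gets a diagnosable error rather than a generic one.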
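Review bot: The new `size == 0` rejection in tls1_save_sigalgs arrives without a regression test, since the diffstat lists only the two source files. A handshake test that sends a zero-length signature algorithms list and expects the handshake to fail would pin the behaviour. The existing comment could also say what is being enforced, for example `/* Reject an empty list or one that is not a whole number of 2-byte entries */`. The function body continues past the hunk, and the caller that turns `return 0` into an alert is not visible here, so which alert the peer receives should be checked there.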