File CVE-2015-8036-Added-bounds-checking-for-TLS-extensions.patch of Package polarssl.5404
From: Simon Butcher <simon.butcher@arm.com>
Date: Thu, 1 Oct 2015 00:24:36 +0100
Subject: CVE-2015-8036: Added bounds checking for TLS extensions
IOTSSL-478 - Added checks to prevent buffer overflows.
(cherry picked from commit b1e325d6b2bd9c504536fbbd45dce348f0a6c40c)
---
library/ssl_cli.c | 141 +++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 128 insertions(+), 13 deletions(-)
Index: library/ssl_cli.c
===================================================================
--- library/ssl_cli.c.orig
+++ library/ssl_cli.c
@@ -68,6 +68,7 @@ static void ssl_write_hostname_ext( ssl_
size_t *olen )
{
unsigned char *p = buf;
+ const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
*olen = 0;
@@ -77,6 +78,12 @@ static void ssl_write_hostname_ext( ssl_
SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
ssl->hostname ) );
+ if( (size_t)(end - p) < ssl->hostname_len + 9 )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
/*
* struct {
* NameType name_type;
@@ -119,6 +126,7 @@ static void ssl_write_renegotiation_ext(
size_t *olen )
{
unsigned char *p = buf;
+ const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
*olen = 0;
@@ -127,6 +135,12 @@ static void ssl_write_renegotiation_ext(
SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
+ if( (size_t)(end - p) < 5 + ssl->verify_data_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
/*
* Secure renegotiation
*/
@@ -148,6 +162,7 @@ static void ssl_write_signature_algorith
size_t *olen )
{
unsigned char *p = buf;
+ const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
size_t sig_alg_len = 0;
#if defined(POLARSSL_RSA_C) || defined(POLARSSL_ECDSA_C)
unsigned char *sig_alg_list = buf + 6;
@@ -160,9 +175,54 @@ static void ssl_write_signature_algorith
SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
+#if defined(POLARSSL_RSA_C)
+#if defined(POLARSSL_SHA512_C)
+ /* SHA512 + RSA signature, SHA384 + RSA signature */
+ sig_alg_len += 4;
+#endif
+#if defined(POLARSSL_SHA256_C)
+ /* SHA256 + RSA signature, SHA224 + RSA signature */
+ sig_alg_len += 4;
+#endif
+#if defined(POLARSSL_SHA1_C)
+ /* SHA1 + RSA signature */
+ sig_alg_len += 2;
+#endif
+#if defined(POLARSSL_MD5_C)
+ /* MD5 + RSA signature */
+ sig_alg_len += 2;
+#endif
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECDSA_C)
+#if defined(POLARSSL_SHA512_C)
+ /* SHA512 + ECDSA signature, SHA384 + ECDSA signature */
+ sig_alg_len += 4;
+#endif
+#if defined(POLARSSL_SHA256_C)
+ /* SHA256 + ECDSA signature, SHA224 + ECDSA signature */
+ sig_alg_len += 4;
+#endif
+#if defined(POLARSSL_SHA1_C)
+ /* SHA1 + ECDSA signature */
+ sig_alg_len += 2;
+#endif
+#if defined(POLARSSL_MD5_C)
+ /* MD5 + ECDSA signature */
+ sig_alg_len += 2;
+#endif
+#endif /* POLARSSL_ECDSA_C */
+
+ if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
/*
* Prepare signature_algorithms extension (TLS 1.2)
*/
+ sig_alg_len = 0;
+
#if defined(POLARSSL_RSA_C)
#if defined(POLARSSL_SHA512_C)
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
@@ -244,6 +304,7 @@ static void ssl_write_supported_elliptic
size_t *olen )
{
unsigned char *p = buf;
+ const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const ecp_curve_info *info;
@@ -265,6 +326,25 @@ static void ssl_write_supported_elliptic
for( info = ecp_curve_list(); info->grp_id != POLARSSL_ECP_DP_NONE; info++ )
{
#endif
+ elliptic_curve_len += 2;
+ }
+
+ if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
+ elliptic_curve_len = 0;
+
+#if defined(POLARSSL_SSL_SET_CURVES)
+ for( grp_id = ssl->curve_list; *grp_id != POLARSSL_ECP_DP_NONE; grp_id++ )
+ {
+ info = ecp_curve_info_from_grp_id( *grp_id );
+#else
+ for( info = ecp_curve_list(); info->grp_id != POLARSSL_ECP_DP_NONE; info++ )
+ {
+#endif
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
@@ -290,12 +370,18 @@ static void ssl_write_supported_point_fo
size_t *olen )
{
unsigned char *p = buf;
- ((void) ssl);
+ const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
*olen = 0;
SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
+ if( end < p || (size_t)( end - p ) < 6 )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
@@ -315,14 +401,21 @@ static void ssl_write_max_fragment_lengt
size_t *olen )
{
unsigned char *p = buf;
+ const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
+
+ *olen = 0;
- if( ssl->mfl_code == SSL_MAX_FRAG_LEN_NONE ) {
- *olen = 0;
+ if( ssl->mfl_code == SSL_MAX_FRAG_LEN_NONE )
return;
- }
SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) );
+ if( end < p || (size_t)( end - p ) < 5 )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
*p++ = (unsigned char)( ( TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
@@ -340,15 +433,21 @@ static void ssl_write_truncated_hmac_ext
unsigned char *buf, size_t *olen )
{
unsigned char *p = buf;
+ const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
+
+ *olen = 0;
if( ssl->trunc_hmac == SSL_TRUNC_HMAC_DISABLED )
- {
- *olen = 0;
return;
- }
SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) );
+ if( end < p || (size_t)( end - p ) < 4 )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
*p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
@@ -364,16 +463,22 @@ static void ssl_write_session_ticket_ext
unsigned char *buf, size_t *olen )
{
unsigned char *p = buf;
+ const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
size_t tlen = ssl->session_negotiate->ticket_len;
+ *olen = 0;
+
if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED )
- {
- *olen = 0;
return;
- }
SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
+ if( end < p || (size_t)( end - p ) < 4 + tlen )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
*p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET ) & 0xFF );
@@ -401,16 +506,26 @@ static void ssl_write_alpn_ext( ssl_cont
unsigned char *buf, size_t *olen )
{
unsigned char *p = buf;
+ const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
+ size_t alpnlen = 0;
const char **cur;
+ *olen = 0;
+
if( ssl->alpn_list == NULL )
- {
- *olen = 0;
return;
- }
SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
+ for( cur = ssl->alpn_list; *cur != NULL; cur++ )
+ alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
+
+ if( end < p || (size_t)( end - p ) < 6 + alpnlen )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
*p++ = (unsigned char)( ( TLS_EXT_ALPN >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_ALPN ) & 0xFF );
