Parse HelloVerifyRequest: avoid buffer overread on the cookie In ssl_parse_hello_verify_request, we print cookie_len bytes without checking that there are that many bytes left in ssl->in_msg. This could potentially log data outside the received message (not a big deal) and could potentially read from memory outside of the receive buffer (which would be a remotely exploitable crash).

commit: b51130dd5ce743f27762a0c1b9685b4ad5aa32d5 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Fri Sep 27 14:00:36 2019 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Fri Sep 27 14:00:36 2019 +0200
tree: 666a81e64fab46d18dfdea8b5f9e834295301f2a
parent: 2a7030429b5669b28d772c5f62b137656c0534e9 [diff] [blame]
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 57e5d8a..9e0accc 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -1605,8 +1605,6 @@
     }
 
     cookie_len = *p++;
-    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
-
     if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1,
@@ -1615,6 +1613,7 @@
                                     MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
+    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
 
     mbedtls_free( ssl->handshake->verify_cookie );
commit	b51130dd5ce743f27762a0c1b9685b4ad5aa32d5	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Sep 27 14:00:36 2019 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Sep 27 14:00:36 2019 +0200
tree	666a81e64fab46d18dfdea8b5f9e834295301f2a
parent	2a7030429b5669b28d772c5f62b137656c0534e9 [diff] [blame]