Make message buffer slightly larger than message.

Grow TLS/DTLS 16 bytes more than strictly necessary as a precaution against
OOB reads. In most cases this will have no effect because the message buffer
will be large enough already.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 006a788c84e541c8920dd2ad85fb62b52185c519)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index ae292c4959ed87c7d2486532d38c47b26d317ea5..0cf1e49fd2a1194cb8908266be346f547a0914cb 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -577,9 +577,12 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr,
         /*
          * msg_len is limited to 2^24, but is effectively checked against max
          * above
+         *
+         * Make buffer slightly larger than message length as a precaution
+         * against small OOB reads e.g. CVE-2016-6306
          */
         if (!BUF_MEM_grow_clean
-            (s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
+            (s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH + 16)) {
             SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
             return SSL_AD_INTERNAL_ERROR;
         }

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 08cc45115537c90b3fbdde1076a006f95b4c2bbc..d798d83cb77b98546b0a02130a1a5127fe670a80 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -499,9 +499,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
             SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
             goto f_err;
         }
+        /*
+         * Make buffer slightly larger than message length as a precaution
+         * against small OOB reads e.g. CVE-2016-6306
+         */
         if (l
             && !BUF_MEM_grow_clean(s->init_buf,
-                                   (int)l + SSL3_HM_HEADER_LENGTH)) {
+                                   (int)l + SSL3_HM_HEADER_LENGTH + 16)) {
             SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
             goto err;
         }