TLS: Fix unsigned int underflow in internal TLS 1.0/1.1 implementation

Taking sizeof(ptr) is incorrect to determine size of passed in hash and
results in hlen getting set to a very large value since MD5_MAC_LEN >
sizeof(ptr). Provide the actual size of the hash buffer from the caller
to fix this.

tls_key_x_server_params_hash() callers src/tls/tlsv1_client_read.c and
src/tls/tlsv1_server_write.c both pass in a large enough hash (hash[64]
or hash[100]) that this does not appear to have an impact, though it is
still wrong.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>

diff --git a/src/tls/tlsv1_client_read.c b/src/tls/tlsv1_client_read.c
index 3825a7380dd5eae6b6221e3441b89138634167e0..9df56c257b317392d2e3b2b9a653723f9de42095 100644 (file)
--- a/src/tls/tlsv1_client_read.c
+++ b/src/tls/tlsv1_client_read.c
@@ -771,7 +771,8 @@ static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
                        hlen = tls_key_x_server_params_hash(
                                conn->rl.tls_version, conn->client_random,
                                conn->server_random, server_params,
-                               server_params_end - server_params, hash);
+                               server_params_end - server_params, hash,
+                               sizeof(hash));
                }
 
                if (hlen < 0)

diff --git a/src/tls/tlsv1_common.c b/src/tls/tlsv1_common.c
index e178915a454d79c096dfc5c1be53fa384136ac75..0dd8e279994f3d13be9298a34d14721c26fb7e63 100644 (file)
--- a/src/tls/tlsv1_common.c
+++ b/src/tls/tlsv1_common.c
@@ -378,7 +378,7 @@ int tlsv12_key_x_server_params_hash(u16 tls_version, u8 hash_alg,
 int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
                                 const u8 *server_random,
                                 const u8 *server_params,
-                                size_t server_params_len, u8 *hash)
+                                size_t server_params_len, u8 *hash, size_t hsz)
 {
        u8 *hpos;
        size_t hlen;
@@ -393,6 +393,8 @@ int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
        crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN);
        crypto_hash_update(ctx, server_params, server_params_len);
        hlen = MD5_MAC_LEN;
+       if (hsz < hlen)
+               return -1;
        if (crypto_hash_finish(ctx, hash, &hlen) < 0)
                return -1;
        hpos += hlen;
@@ -403,7 +405,7 @@ int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
        crypto_hash_update(ctx, client_random, TLS_RANDOM_LEN);
        crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN);
        crypto_hash_update(ctx, server_params, server_params_len);
-       hlen = hash + sizeof(hash) - hpos;
+       hlen = hsz - hlen;
        if (crypto_hash_finish(ctx, hpos, &hlen) < 0)
                return -1;
        hpos += hlen;

diff --git a/src/tls/tlsv1_common.h b/src/tls/tlsv1_common.h
index e30b15a030a801c8cc72e808d16588f48dca19a3..4cfdc2d551590e8bc25b92b5da318227f2a2336f 100644 (file)
--- a/src/tls/tlsv1_common.h
+++ b/src/tls/tlsv1_common.h
@@ -267,7 +267,8 @@ int tlsv12_key_x_server_params_hash(u16 tls_version, u8 hash_Alg,
 int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
                                 const u8 *server_random,
                                 const u8 *server_params,
-                                size_t server_params_len, u8 *hash);
+                                size_t server_params_len,
+                                u8 *hash, size_t hsz);
 int tls_verify_signature(u16 tls_version, struct crypto_public_key *pk,
                         const u8 *data, size_t data_len,
                         const u8 *pos, size_t len, u8 *alert);

diff --git a/src/tls/tlsv1_server_write.c b/src/tls/tlsv1_server_write.c
index 8d36cf1353910bba9e6fff71fd02a9ef8fb9f71c..545abae2ba845b51624da98a60863836bc59b952 100644 (file)
--- a/src/tls/tlsv1_server_write.c
+++ b/src/tls/tlsv1_server_write.c
@@ -620,7 +620,7 @@ static int tls_write_server_key_exchange(struct tlsv1_server *conn,
                        hlen = tls_key_x_server_params_hash(
                                conn->rl.tls_version, conn->client_random,
                                conn->server_random, server_params,
-                               pos - server_params, hash);
+                               pos - server_params, hash, sizeof(hash));
                }
 
                if (hlen < 0) {