From: Matt Caswell Date: Tue, 28 Apr 2026 08:56:20 +0000 (+0100) Subject: According to RFC8446 there must always be one identity in the list X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=593c79ba8e470c1a91b0c06183fe92878d2ade98;p=thirdparty%2Fopenssl.git According to RFC8446 there must always be one identity in the list We were silently accepting a list with zero identities. Technically this is a syntax error so we should fail with a decode_error in this case. Fixes #31006 Reviewed-by: Eugene Syromiatnikov Reviewed-by: Tomas Mraz MergeDate: Sun May 3 15:19:27 2026 (Merged from https://github.com/openssl/openssl/pull/31010) --- diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 033c0140dca..b91be0a52f2 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1340,6 +1340,11 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } + /* There must always be at least one identity in the list */ + if (PACKET_remaining(&identities) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); + goto err; + } s->ext.ticket_expected = 0; for (id = 0; PACKET_remaining(&identities) != 0 && id < MAX_PRE_SHARED_KEYS; id++) {
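Review bot: the new block exits with `goto err;` while the check immediately above it in the same context exits with `return 0;` after the same `SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);` call, so the two adjacent decode_error paths are inconsistent; either use `return 0;` here as well, or confirm that the cleanup under the `err:` label (not visible in this hunk) is safe to run before any per-identity state has been allocated, since nothing has been set up yet at this point in `tls_parse_ctos_psk`. The check matches RFC 8446 section 4.2.11, where `identities<7..2^16-1>` cannot be empty, and it also makes the `PACKET_remaining(&identities) != 0` test in the `for` loop guaranteed true on the first iteration, which is fine but worth a one-line comment. The visible diff touches only `ssl/statem/extensions_srvr.c`; a regression test sending a pre_shared_key extension whose identities vector has length zero, asserting that the server now sends a decode_error alert instead of silently accepting the handshake, would pin the fix for #31006.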