From: yexiaochuan <tap91624@gmail.com>
Date: Sat, 31 May 2025 09:47:58 +0000 (+0800)
Subject: fix: add parsing check in TLS compress_certificate extension handler
X-Git-Tag: openssl-3.4.2~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c45da745e3db84f92b984762f02a98cb2771bd2;p=thirdparty%2Fopenssl.git

fix: add parsing check in TLS compress_certificate extension handler

The tls_parse_compress_certificate function was missing validation
for trailing bytes after parsing the algorithm list, violating
RFC8446 section 4.2 which requires sending a decode_error alert
for unparseable messages.

This commit adds a check for remaining bytes in the packet after
the while loop and sends SSL_AD_DECODE_ERROR if any trailing
bytes are found.

Fixes #27717

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27733)

(cherry picked from commit 8e787b102848e462a6d231883e2c42d91978c049)
---

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index e71a79c7e88..24e5325fc00 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1923,6 +1923,10 @@ int tls_parse_compress_certificate(SSL_CONNECTION *sc, PACKET *pkt, unsigned int
             already_set[comp] = 1;
         }
     }
+    if (PACKET_remaining(&supported_comp_algs) != 0) {
+        SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
 #endif
     return 1;
 }