From: Matt Caswell
Date: Mon, 8 May 2017 14:18:25 +0000 (+0100)
Subject: Verify that there is no trailing data after the extensions block
X-Git-Tag: OpenSSL_1_1_1-pre1~1540
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ef57a475a073fffd610ee3228acd855ca0d72be5;p=thirdparty%2Fopenssl.git
Verify that there is no trailing data after the extensions block
Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/3436)
---
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 7e025a6c286..5c22ba7b1cf 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1407,7 +1407,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
 if (PACKET_remaining(pkt) == 0) {
 PACKET_null_init(&clienthello->extensions);
 } else {
- if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)) {
+ if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)
+ || PACKET_remaining(pkt) != 0) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
 goto f_err;
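Review bot: The added `|| PACKET_remaining(pkt) != 0` term in the `else` branch has no comment, so the reason for refusing bytes after the extensions block lives only in the commit message. A line such as `/* Nothing may follow the extensions block: the message length must match exactly */` above the condition would make the strictness deliberate and harder to relax by accident. A malformed length prefix and trailing data now both report `SSL_R_LENGTH_MISMATCH` with `SSL_AD_DECODE_ERROR`, which looks reasonable, but the two cases cannot be told apart in an error queue or log. No regression test is visible in this commit; a ClientHello carrying one extra byte after a well-formed extensions block, expected to be rejected with a decode error, would pin the behaviour. The body of `tls_process_client_hello` starts and ends outside the hunk, so the handling at `f_err` could not be checked here.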