From 7c45da745e3db84f92b984762f02a98cb2771bd2 Mon Sep 17 00:00:00 2001
From: yexiaochuan <tap91624@gmail.com>
Date: Sat, 31 May 2025 17:47:58 +0800
Subject: [PATCH] fix: add parsing check in TLS compress_certificate extension
 handler

The tls_parse_compress_certificate function was missing validation
for trailing bytes after parsing the algorithm list, violating
RFC8446 section 4.2 which requires sending a decode_error alert
for unparseable messages.

This commit adds a check for remaining bytes in the packet after
the while loop and sends SSL_AD_DECODE_ERROR if any trailing
bytes are found.

Fixes #27717

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27733)

(cherry picked from commit 8e787b102848e462a6d231883e2c42d91978c049)
---
 ssl/statem/extensions.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index e71a79c7e88..24e5325fc00 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1923,6 +1923,10 @@ int tls_parse_compress_certificate(SSL_CONNECTION *sc, PACKET *pkt, unsigned int
             already_set[comp] = 1;
         }
     }
+    if (PACKET_remaining(&supported_comp_algs) != 0) {
+        SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
 #endif
     return 1;
 }
-- 
2.47.2