Always reset sigalgslen when NULLing sigalgs.

See also upstream's 34e3edbf3a10953cb407288101fd56a629af22f9. This fixes CVE-2015-0291. Also bubble up malloc failures in tls1_set_shared_sigalgs. Tidy up style a bit and remove unnecessary check (it actually is unnecessary; see https://boringssl-review.googlesource.com/4042). Change-Id: Idfb31a90fb3e56ef6fe7701464748a5c1603f064 Reviewed-on: https://boringssl-review.googlesource.com/4047 Reviewed-by: Adam Langley <agl@google.com>
2015-03-19 14:24:37 -04:00 · 2015-03-19 14:24:37 -04:00 · 61c0d4e8b2
commit 61c0d4e8b2
parent c12d377e24
1 changed files with 6 additions and 12 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -1357,12 +1357,14 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CBS *cbs, int *out_alert) {
  if (s->cert->peer_sigalgs) {
    OPENSSL_free(s->cert->peer_sigalgs);
    s->cert->peer_sigalgs = NULL;
+    s->cert->peer_sigalgslen = 0;
  }

  /* Clear any shared signature algorithms */
  if (s->cert->shared_sigalgs) {
    OPENSSL_free(s->cert->shared_sigalgs);
    s->cert->shared_sigalgs = NULL;
+    s->cert->shared_sigalgslen = 0;
  }

  /* Clear ECC extensions */
@ -2399,6 +2401,7 @@ static int tls1_set_shared_sigalgs(SSL *s) {
  if (c->shared_sigalgs) {
    OPENSSL_free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
+    c->shared_sigalgslen = 0;
  }

  /* If client use client signature algorithms if not NULL */
@ -2449,21 +2452,12 @@ int tls1_process_sigalgs(SSL *s, const CBS *sigalgs) {
    return 1;
  }

-  /* Length must be even */
-  if (CBS_len(sigalgs) % 2 != 0) {
+  if (CBS_len(sigalgs) % 2 != 0 ||
+      !CBS_stow(sigalgs, &c->peer_sigalgs, &c->peer_sigalgslen) ||
+      !tls1_set_shared_sigalgs(s)) {
    return 0;
  }

-  /* Should never happen */
-  if (!c) {
-    return 0;
-  }
-
-  if (!CBS_stow(sigalgs, &c->peer_sigalgs, &c->peer_sigalgslen)) {
-    return 0;
-  }
-
-  tls1_set_shared_sigalgs(s);
  return 1;
 }