diff options
| author | Peter Kaestle <peter.kaestle@nokia.com> | 2021-03-15 13:19:56 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2021-03-25 10:48:08 +0100 |
| commit | 02b1636fe3db274497304a3e95a4e32ced7e841b (patch) | |
| tree | 72f1fa7eb036d2b429394c3b3c52240fc7a5de1e /ssl/statem | |
| parent | Add a test for CVE-2021-3449 (diff) | |
| download | openssl-02b1636fe3db274497304a3e95a4e32ced7e841b.tar.xz openssl-02b1636fe3db274497304a3e95a4e32ced7e841b.zip | |
ssl sigalg extension: fix NULL pointer dereference
As the variable peer_sigalgslen is not cleared on ssl rehandshake, it's
possible to crash an openssl tls secured server remotely by sending a
manipulated hello message in a rehandshake.
On such a manipulated rehandshake, tls1_set_shared_sigalgs() calls
tls12_shared_sigalgs() with the peer_sigalgslen of the previous
handshake, while the peer_sigalgs has been freed.
As a result tls12_shared_sigalgs() walks over the available
peer_sigalgs and tries to access data of a NULL pointer.
This issue was introduced by c589c34e61 (Add support for the TLS 1.3
signature_algorithms_cert extension, 2018-01-11).
Signed-off-by: Peter Kästle <peter.kaestle@nokia.com>
Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com>
CVE-2021-3449
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/statem')
| -rw-r--r-- | ssl/statem/extensions.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 5e21ff8593..bc41b36594 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1114,6 +1114,7 @@ static int init_sig_algs(SSL *s, unsigned int context) /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3.tmp.peer_sigalgs); s->s3.tmp.peer_sigalgs = NULL; + s->s3.tmp.peer_sigalgslen = 0; return 1; } |