Bounds check in ssl_parse_certificate_request() too strict #1954

Closed
hanno-becker opened this issue Aug 16, 2018 · 1 comment

@hanno-becker

Summary: PR #1663 modified a bounds check in ssl_parse_certificate_request() which was correct beforehand and is now off by one, leading to rejection of valid CertificateRequest messages.

    if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
        ...
    }

This should be

    if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
        ...
    }

Steps to reproduce provided by @mpg, from within MBEDTLS_DIR/tests:

  • Server: gnutls-serv --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key
  • Client: ../programs/ssl/ssl_client2 server_port=5556 force_version=tls1_1
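
The off-by-one described in the issue above, as an added stand-alone model (not code from the issue or from Mbed TLS), run on a constructed TLS 1.1 CertificateRequest whose certificate_authorities list is empty. It assumes `n` is the certificate_types count and a 4-byte handshake header; `passes_check`, `last_index_read` and `sample_msg` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HS_HDR_LEN 4   /* assumed: handshake type (1 byte) + length (3 bytes) */

/* Returns 1 if the message passes the length check, 0 if it is rejected.
 * slack = 3 models the check quoted first in the issue,
 * slack = 2 models the check the issue proposes. */
static int passes_check(const uint8_t *msg, size_t in_hslen, size_t slack)
{
    size_t n;
    if (in_hslen <= HS_HDR_LEN)            /* the count byte must be present */
        return 0;
    n = msg[HS_HDR_LEN];                   /* certificate_types count */
    if (in_hslen <= HS_HDR_LEN + slack + n)
        return 0;
    return 1;
}

/* Highest index read once the check has passed: the low byte of the
 * 2-byte length field that follows the certificate types. */
static size_t last_index_read(const uint8_t *msg)
{
    return HS_HDR_LEN + 2 + (size_t)msg[HS_HDR_LEN];
}

/* Constructed sample: two certificate types, empty certificate_authorities. */
static const uint8_t sample_msg[] = {
    0x0d, 0x00, 0x00, 0x05,   /* handshake type 13, body length 5 */
    0x02,                     /* certificate_types count, n = 2 */
    0x01, 0x40,               /* rsa_sign, ecdsa_sign */
    0x00, 0x00                /* certificate_authorities length = 0 */
};

int main(void)
{
    size_t len = sizeof(sample_msg);
    printf("length %zu, last index read %zu\n", len, last_index_read(sample_msg));
    printf("+3 check accepts: %d\n", passes_check(sample_msg, len, 3));
    printf("+2 check accepts: %d\n", passes_check(sample_msg, len, 2));
    /* One byte short: the +2 check must still reject, or the read
     * at last_index_read() would go past the end of the message. */
    printf("+2 check, truncated: %d\n", passes_check(sample_msg, len - 1, 2));
    return 0;
}
```

The `+ 2 + n` bound is the tightest one that still covers every index read: the complete message passes, and a message one byte short is rejected.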
@ciarmcom

ARM Internal Ref: IOTSSL-2479

hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Aug 17, 2018
simonbutcher added a commit that referenced this issue Sep 10, 2018