Check for excess data in CertificateVerify

As reported by Alicja Kario, we ignored excess bytes after the signature payload in TLS CertificateVerify Messages. These should not be present. Fixes: openssl#25298 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#25302) (cherry picked from commit b4e4bf2)
quictls · Aug 29, 2024 · 2afff32 · 2afff32
1 parent c2a3ef4
commit 2afff32
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
@@ -474,6 +474,10 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
         SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
         goto err;
     }
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
 
     if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) {
         /* SSLfatal() already called */