Skip to content

Commit 89cb740

Browse files
yorkieindutny
yorkie
authored and
indutny
committed
crypto: check protocol version at handshake header
Signed-off-by: Fedor Indutny <fedor@indutny.com>
1 parent 8a6c36d commit 89cb740

File tree

1 file changed

+17
-6
lines changed

1 file changed

+17
-6
lines changed

src/node_crypto_clienthello.cc

Lines changed: 17 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -87,46 +87,57 @@ bool ClientHelloParser::ParseRecordHeader(const uint8_t* data, size_t avail) {
8787

8888

8989
void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
90+
ClientHello hello;
91+
9092
// >= 5 + frame size bytes for frame parsing
9193
if (body_offset_ + frame_len_ > avail)
9294
return;
9395

9496
// Skip unsupported frames and gather some data from frame
97+
// Check hello protocol version
98+
if (!(data[body_offset_ + 4] == 0x03 && data[body_offset_ + 5] <= 0x03))
99+
goto fail;
100+
#ifndef OPENSSL_NO_SSL2
101+
if (!(data[body_offset_ + 4] == 0x00 && data[body_offset_ + 5] == 0x02))
102+
goto fail;
103+
#endif
95104

96-
// TODO(indutny): Check hello protocol version
97105
if (data[body_offset_] == kClientHello) {
98106
if (state_ == kTLSHeader) {
99107
if (!ParseTLSClientHello(data, avail))
100-
return End();
108+
goto fail;
101109
} else if (state_ == kSSL2Header) {
102110
#ifdef OPENSSL_NO_SSL2
103111
if (!ParseSSL2ClientHello(data, avail))
104-
return End();
112+
goto fail;
105113
#else
106114
abort(); // Unreachable
107115
#endif // OPENSSL_NO_SSL2
108116
} else {
109117
// We couldn't get here, but whatever
110-
return End();
118+
goto fail;
111119
}
112120

113121
// Check if we overflowed (do not reply with any private data)
114122
if (session_id_ == NULL ||
115123
session_size_ > 32 ||
116124
session_id_ + session_size_ > data + avail) {
117-
return End();
125+
goto fail;
118126
}
119127
}
120128

121129
state_ = kPaused;
122-
ClientHello hello;
123130
hello.session_id_ = session_id_;
124131
hello.session_size_ = session_size_;
125132
hello.has_ticket_ = tls_ticket_ != NULL && tls_ticket_size_ != 0;
126133
hello.ocsp_request_ = ocsp_request_;
127134
hello.servername_ = servername_;
128135
hello.servername_size_ = static_cast<uint8_t>(servername_size_);
129136
onhello_cb_(cb_arg_, hello);
137+
return;
138+
139+
fail:
140+
return End();
130141
}
131142

132143

0 commit comments

Comments
 (0)