Fix bug with extension-less ServerHello

https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug in_hslen include the length of the handshake header. (We might want to change that in the future, as it is a bit annoying.)
2015-07-23 12:14:13 +02:00 · 2015-07-23 12:14:13 +02:00 · a6e5bd5654
commit a6e5bd5654
parent cb0d212c97
2 changed files with 4 additions and 2 deletions
--- a/2
+++ b/2
@ -6,6 +6,8 @@ Bugfix
   * Fix segfault in the benchmark program when benchmarking DHM.
   * Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo
     Leisink).
+   * Fix bug when parsing a ServerHello without extensions (found by David
+     Sears).

 = mbed TLS 2.0.0 released 2015-07-13

--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1269,7 +1269,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
    }

-    if( ssl->in_hslen > 39 + n )
+    if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n )
    {
        ext_len = ( ( buf[38 + n] <<  8 )
                  | ( buf[39 + n]       ) );
@ -1281,7 +1281,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
        }
    }
-    else if( ssl->in_hslen == 38 + n )
+    else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n )
    {
        ext_len = 0;
    }