cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-17 12:10:43 -04:00
Code Issues Packages Projects Releases Wiki Activity
polarssl/ChangeLog.d/cookie_parsing_bug.txt
Andrzej Kurek e6487ab490 Add a changelog entry for the cookie parsing bounds bug 
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:31:08 -04:00

12 lines
711 B
Plaintext
Raw Blame History

Security
* Fix a buffer overread in DTLS ClientHello parsing in servers with
MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
after the end of the SSL input buffer. The buffer overread only happens
when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
and possibly up to 571 bytes with a custom cookie check function.
If the function provider deliberately omits these size checks, he/she
is responsible for the negative impact on his/her code.
Reported by the Cybeats PSI Team.
Reference in New Issue View Git Blame Copy Permalink