Bug 1353750 - Use decode_error for bad, non-empty extensions, r=kaie
--HG--
extra : rebase_source : b563f07ecf0f7b3d5d2de398f5ad4459943ff53a
extra : source : c400004c23b7ebc3016611bd3eb41f1e9a09e734
martinthomson committed Jun 1, 2017
1 parent 31574cf commit f325a6b
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions lib/ssl/ssl3exthandle.c
@@ -2365,6 +2365,7 @@ ssl3_HandleExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnDat
if (data->len != 0) {
SSL_TRC(30, ("%d: SSL3[%d]: Bogus extended master secret extension",
SSL_GETPID(), ss->fd));
ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
return SECFailure;
}

@@ -2489,6 +2490,12 @@ ssl3_ServerHandleSignedCertTimestampXtn(const sslSocket *ss,
PRUint16 ex_type,
SECItem *data)
{
if (data->len != 0) {
ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
return SECFailure;
}

xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
PORT_Assert(ss->sec.isServer);
return ssl3_RegisterExtensionSender(
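Review bot: The non-empty-extension path in ssl3_HandleExtendedMasterSecretXtn sends the fatal decode_error alert and returns SECFailure without setting an error code, whereas the same check added in ssl3_ServerHandleSignedCertTimestampXtn calls `PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);` after the alert. Unless the caller sets one (not visible here), the application may see a stale or unrelated error for this handshake failure, which makes malformed-extension rejections harder to diagnose and to alert on. Consider adding a `PORT_SetError(...)` call after `ssl3_ExtSendAlert` in the first hunk, with a code that matches the side or sides this handler runs on. A matching `SSL_TRC` line in the second hunk would make both rejections traceable. Both function bodies extend beyond the hunks shown.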
