Check key_exchange data length is not 0 Reviewed-by: Rich Salz <rsalz@openssl.org>

commit: 323f212aa792904b7312d22f6107e9546a41faa4 [log] [tgz]
author: Matt Caswell <matt@openssl.org> Fri Nov 04 09:49:16 2016 +0000
committer: Matt Caswell <matt@openssl.org> Wed Nov 16 10:09:46 2016 +0000
tree: d23bbcc19708432ed6304634bf0df5428a947d6c
parent: 2ee1271d8ff95d6a5036b37f7f03e1ae14436eeb [diff] [blame]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2dbaa9f..6474c6d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -2754,7 +2754,8 @@
 
             skey = ssl_generate_pkey(ckey);
 
-            if (!PACKET_as_length_prefixed_2(&spkt, &encoded_pt)) {
+            if (!PACKET_as_length_prefixed_2(&spkt, &encoded_pt)
+                    || PACKET_remaining(&encoded_pt) == 0) {
                 *al = SSL_AD_DECODE_ERROR;
                 SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT,
                        SSL_R_LENGTH_MISMATCH);
commit	323f212aa792904b7312d22f6107e9546a41faa4	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Fri Nov 04 09:49:16 2016 +0000
committer	Matt Caswell <matt@openssl.org>	Wed Nov 16 10:09:46 2016 +0000
tree	d23bbcc19708432ed6304634bf0df5428a947d6c
parent	2ee1271d8ff95d6a5036b37f7f03e1ae14436eeb [diff] [blame]