Fix memory leak with crafted ClientHello

commit: 43c3b28ca6d22f51951e2bd563df039a9f4289ab [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Oct 17 12:42:11 2014 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Oct 17 12:42:11 2014 +0200
tree: 2b95fe6b2fb956adfa5a53ffd0150cd32dce7da5
parent: 5d8618539f8e186c1b2c1b5a548d6f85936fe41f [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 6cce2ef9..01b0aca 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -528,6 +528,13 @@
         return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
     }
 
+    /* Should never happen unless client duplicates the extension */
+    if( ssl->handshake->curves != NULL )
+    {
+        SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
     /* Don't allow our peer to make us allocate too much memory,
      * and leave room for a final 0 */
     our_size = list_size / 2 + 1;
commit	43c3b28ca6d22f51951e2bd563df039a9f4289ab	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Oct 17 12:42:11 2014 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Oct 17 12:42:11 2014 +0200
tree	2b95fe6b2fb956adfa5a53ffd0150cd32dce7da5
parent	5d8618539f8e186c1b2c1b5a548d6f85936fe41f [diff] [blame]