Check for trailing data in key_share extension.

Change-Id: I057e19a9547a14b3950395db4318eaf0da01ec13
Reviewed-on: https://boringssl-review.googlesource.com/9079
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index eef0d83..c6697f6 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2037,7 +2037,8 @@
   CBS peer_key;
   uint16_t group;
   if (!CBS_get_u16(contents, &group) ||
-      !CBS_get_u16_length_prefixed(contents, &peer_key)) {
+      !CBS_get_u16_length_prefixed(contents, &peer_key) ||
+      CBS_len(contents) != 0) {
     *out_alert = SSL_AD_DECODE_ERROR;
     return 0;
   }
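Review bot: The new trailing-data rejection is handled differently in the two places it is added: in this hunk a failed parse or `CBS_len(contents) != 0` sets `*out_alert = SSL_AD_DECODE_ERROR`, while the hunk at -2073 only does `return 0;`, with no alert assignment in the visible lines. If that second function also receives an `out_alert` and its caller does not preset a default (neither is visible here), a malformed key_share would be reported with whatever alert value is already in place. That branch also folds a `tls1_get_shared_group` failure into the same condition, so the two CBS checks would need their own `if` with `*out_alert = SSL_AD_DECODE_ERROR;` to make the decode failure explicit. A short comment above each check, such as `/* The extension body must be consumed exactly; trailing bytes are a decode error. */`, would record the intent, and a regression test that appends extra bytes after the key share would pin it (no test file appears in this diff). Both enclosing functions start and end outside the hunks.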
@@ -2073,7 +2074,8 @@
   uint16_t group_id;
   CBS key_shares;
   if (!tls1_get_shared_group(ssl, &group_id) ||
-      !CBS_get_u16_length_prefixed(contents, &key_shares)) {
+      !CBS_get_u16_length_prefixed(contents, &key_shares) ||
+      CBS_len(contents) != 0) {
     return 0;
   }