authorDavid Benjamin <davidben@chromium.org>2014-08-13 23:13:57 +0400
committerAdam Langley <agl@google.com>2014-08-14 01:59:51 +0400
commit51e3283d62eab1f2aab69f02b26f6b03896b5ccd (patch)
tree512335a6ca0d7113cdea0f197fa824456f278542 /ssl/d1_clnt.c
parent9174312be684ac8419ce243bf56dae74ded0aafb (diff)
Port dtls1_get_hello_verify to CBS.
Gives bounds checks and asserts that there's nothing after the cookie. Change-Id: I8f9753e0c72670e9960f73a5722cefd9c02696a9 Reviewed-on: https://boringssl-review.googlesource.com/1507 Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/d1_clnt.c')
-rw-r--r--ssl/d1_clnt.c30
1 files changed, 19 insertions, 11 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 4405b17e..e4f458ed 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -585,9 +585,10 @@ end:
static int dtls1_get_hello_verify(SSL *s)
{
- int n, al, ok = 0;
- unsigned char *data;
- unsigned int cookie_len;
+ long n;
+ int al, ok = 0;
+ CBS hello_verify_request, cookie;
+ uint16_t server_version;
s->first_packet = 1;
n=s->method->ssl_get_message(s,
@@ -607,10 +608,19 @@ static int dtls1_get_hello_verify(SSL *s)
return(1);
}
- data = s->init_msg;
+ CBS_init(&hello_verify_request, s->init_msg, n);
+
+ if (!CBS_get_u16(&hello_verify_request, &server_version) ||
+ !CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) ||
+ CBS_len(&hello_verify_request) != 0)
+ {
+ al = SSL_AD_DECODE_ERROR;
+ OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_status, SSL_R_DECODE_ERROR);
+ goto f_err;
+ }
+
#if 0
- if (s->method->version != DTLS_ANY_VERSION &&
- ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff))))
+ if (s->method->version != DTLS_ANY_VERSION && server_version != s->version)
{
OPENSSL_PUT_ERROR(SSL, dtls1_get_hello_verify, SSL_R_WRONG_SSL_VERSION);
s->version=(s->version&0xff00)|data[1];
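Review bot: The new decode-error branch reports the wrong function: it passes `ssl3_get_cert_status` to `OPENSSL_PUT_ERROR`, so a malformed HelloVerifyRequest would be attributed to certificate-status parsing in the error queue; it should read `OPENSSL_PUT_ERROR(SSL, dtls1_get_hello_verify, SSL_R_DECODE_ERROR);`, matching the call inside the `#if 0` block. That disabled block still uses `data[1]` on the line after its own `OPENSSL_PUT_ERROR`, although this commit removes `data`, so it will not compile if it is ever re-enabled; either rewrite that line in terms of `server_version` or drop the dead block. `n` is now a `long` handed to `CBS_init` as a length, and the check on `ok` that presumably rejects a failed read sits between the hunks and is not visible here, so it is worth confirming that a negative `n` cannot reach this call. The function body starts before and continues after this hunk.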
@@ -618,17 +628,15 @@ static int dtls1_get_hello_verify(SSL *s)
goto f_err;
}
#endif
- data+=2;
- cookie_len = *(data++);
- if ( cookie_len > sizeof(s->d1->cookie))
+ if (CBS_len(&cookie) > sizeof(s->d1->cookie))
{
al=SSL_AD_ILLEGAL_PARAMETER;
goto f_err;
}
- memcpy(s->d1->cookie, data, cookie_len);
- s->d1->cookie_len = cookie_len;
+ memcpy(s->d1->cookie, CBS_data(&cookie), CBS_len(&cookie));
+ s->d1->cookie_len = CBS_len(&cookie);
s->d1->send_cookie = 1;
return 1;
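Review bot: The oversize-cookie branch sets `al=SSL_AD_ILLEGAL_PARAMETER` and jumps to `f_err` without queuing an error, unlike the decode-error branch added earlier in this commit, so a peer sending a cookie larger than `s->d1->cookie` leaves nothing in the error queue to diagnose. Adding an `OPENSSL_PUT_ERROR(SSL, dtls1_get_hello_verify, ...)` call there, with whichever reason code the project uses for over-long fields, would make the two rejection paths consistent. A short comment before the `memcpy`, such as `/* CBS_len(&cookie) was checked against sizeof(s->d1->cookie) above. */`, would also record why the copy is safe now that the length comes from the CBS rather than a local variable. The `f_err` label is outside the visible hunk.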