From 7040553a02ac1454a6b73044f9abd36274d34c08 Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>
Date: Wed, 14 Mar 2018 11:31:13 +0100
Subject: [PATCH 1/3] Add bounds check before length read

---
 library/ssl_cli.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 94c521dd9..7bf9933cc 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1850,6 +1850,12 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
      *
      * opaque psk_identity_hint<0..2^16-1>;
      */
+    if( (*p) > end - 2 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
+                                    "(psk_identity_hint length)" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    }
     len = (*p)[0] << 8 | (*p)[1];
     *p += 2;
 

From 0e0afacbc502c01a39ab4322dca6ee8bc93066f9 Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>
Date: Wed, 14 Mar 2018 11:31:53 +0100
Subject: [PATCH 2/3] Prevent arithmetic overflow on bounds check

---
 library/ssl_cli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7bf9933cc..5bfcb9535 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1859,7 +1859,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
     len = (*p)[0] << 8 | (*p)[1];
     *p += 2;
 
-    if( (*p) + len > end )
+    if( (*p) > end -len )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
                                     "(psk_identity_hint length)" ) );

From a7a8332402c9d894c26cf4f4c47f72b0d6f29642 Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>
Date: Wed, 14 Mar 2018 11:33:28 +0100
Subject: [PATCH 3/3] Update change log

---
 ChangeLog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index ed7818e30..33f2f8652 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -446,6 +446,10 @@ Changes
 
 = mbed TLS 2.1.0 released 2015-09-04
 
+Security
+   * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a
+     crash on invalid input.
+
 Features
    * Added support for yotta as a build system.
    * Primary open source license changed to Apache 2.0 license.
@@ -481,6 +485,8 @@ Bugfix
    * Fix unused function warning when using MBEDTLS_MDx_ALT or
      MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
    * Fix memory corruption in pkey programs (found by yankuncheng) (#210)
+   * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that
+     could cause a key exchange to fail on valid data.
 
 Changes
    * The PEM parser now accepts a trailing space at end of lines (#226).