From 0e0afacbc502c01a39ab4322dca6ee8bc93066f9 Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>
Date: Wed, 14 Mar 2018 11:31:53 +0100
Subject: [PATCH] Prevent arithmetic overflow on bounds check

---
 library/ssl_cli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7bf9933cc..5bfcb9535 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1859,7 +1859,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
     len = (*p)[0] << 8 | (*p)[1];
     *p += 2;
 
-    if( (*p) + len > end )
+    if( (*p) > end -len )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
                                     "(psk_identity_hint length)" ) );