From 9e1839bc43536c20cc15dabca0fc8cacebb44f88 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:20:46 +0100 Subject: [PATCH 1/3] Add bounds check before length read --- library/ssl_cli.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 2534346a4..585750ef2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2057,6 +2057,12 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, * * opaque psk_identity_hint<0..2^16-1>; */ + if( (*p) > end - 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " + "(psk_identity_hint length)" ) ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } len = (*p)[0] << 8 | (*p)[1]; *p += 2; From 8e0b1166b67abc55abfb4969d11d01fc47d940a8 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:21:35 +0100 Subject: [PATCH 2/3] Prevent arithmetic overflow on bounds check --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 585750ef2..759a4562a 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2066,7 +2066,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, len = (*p)[0] << 8 | (*p)[1]; *p += 2; - if( (*p) + len > end ) + if( (*p) > end - len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " "(psk_identity_hint length)" ) ); From bcb814951059a425f86f173a766cd0b504450be9 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:23:34 +0100 Subject: [PATCH 3/3] Update change log --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8db021591..725a6b1a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,8 @@ Security * Change default choice of DHE parameters from untrustworthy RFC 5114 to RFC 3526 containing parameters generated in a nothing-up-my-sleeve manner. + * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a + crash on invalid input. Features * Allow comments in test data files. @@ -180,6 +182,8 @@ Bugfix * In mbedtls_entropy_free(), properly free the message digest context. * Fix status handshake status message in programs/ssl/dtls_client.c. Found and fixed by muddog. + * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that + could cause a key exchange to fail on valid data. Changes * Extend cert_write example program by options to set the certificate version