Merge remote-tracking branch 'public/pr/2856' into development

* public/pr/2856:
  Fix issue  #2718 (condition always false)
This commit is contained in:
Manuel Pégourié-Gonnard 2020-04-06 10:15:49 +02:00
commit 15f30dc7e6
3 changed files with 6 additions and 4 deletions

View file

@ -17,6 +17,8 @@ Security
Bugfix Bugfix
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
MBEDTLS_SSL_HW_RECORD_ACCEL are enabled. MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
* Remove a spurious check in ssl_parse_client_psk_identity that triggered
a warning with some compilers. Fix contributed by irwir in #2856.
Changes Changes
* Mbed Crypto is no longer a Git submodule. The crypto part of the library * Mbed Crypto is no longer a Git submodule. The crypto part of the library

View file

@ -2344,7 +2344,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
unsigned char *end ) unsigned char *end )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t len; uint16_t len;
((void) ssl); ((void) ssl);
/* /*
@ -2361,7 +2361,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
len = (*p)[0] << 8 | (*p)[1]; len = (*p)[0] << 8 | (*p)[1];
*p += 2; *p += 2;
if( end - (*p) < (int) len ) if( end - (*p) < len )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) ); "(psk_identity_hint length)" ) );

View file

@ -3812,7 +3812,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
const unsigned char *end ) const unsigned char *end )
{ {
int ret = 0; int ret = 0;
size_t n; uint16_t n;
if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 ) if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
{ {
@ -3832,7 +3832,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
n = ( (*p)[0] << 8 ) | (*p)[1]; n = ( (*p)[0] << 8 ) | (*p)[1];
*p += 2; *p += 2;
if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) ) if( n == 0 || n > end - *p )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );