mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 13:45:29 +00:00
Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge' into development-restricted
This commit is contained in:
commit
1a2640c025
|
@ -8,6 +8,8 @@ Security
|
|||
Security Initiative, Qualcomm Technologies Inc.
|
||||
* Fix buffer overflow in RSA-PSS verification when the unmasked
|
||||
data is all zeros.
|
||||
* Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding
|
||||
64kB to the address of the SSL buffer wraps around.
|
||||
|
||||
Features
|
||||
* Allow comments in test data files.
|
||||
|
|
|
@ -3433,7 +3433,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
|||
/*
|
||||
* Receive client pre-shared key identity name
|
||||
*/
|
||||
if( *p + 2 > end )
|
||||
if( end - *p < 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||
|
@ -3442,7 +3442,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
|||
n = ( (*p)[0] << 8 ) | (*p)[1];
|
||||
*p += 2;
|
||||
|
||||
if( n < 1 || n > 65535 || *p + n > end )
|
||||
if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||
|
|
Loading…
Reference in a new issue