Merge remote-tracking branch 'restricted/pr/522' into mbedtls-2.1-restricted-proposed

2025-01-20 21:41:02 +00:00 · 2018-11-07 00:07:31 +00:00 · 2018-11-07 00:07:31 +00:00 · 3bc2b8be36
parent 6f682ee463 e6a5ee7b72
commit 3bc2b8be36
2 changed files with 7 additions and 2 deletions
--- a/5
+++ b/5
@ -10,6 +10,11 @@ Security
     one using PrintableString and the other UTF8String) or
     in the choice of upper and lower case. Reported by
     HenrikRosenquistAndersson in #1784.
+   * Fix a flawed bounds check in server PSK hint parsing. In case the
+     incoming message buffer was placed within the first 64KB of address
+     space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker
+     to trigger a memory access up to 64KB beyond the incoming message buffer,
+     potentially leading to application crash or information disclosure.

 Bugfix
   * Fix failure in hmac_drbg in the benchmark sample application, when
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1884,7 +1884,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
     *
     * opaque psk_identity_hint<0..2^16-1>;
     */
-    if( (*p) > end - 2 )
+    if( end - (*p) < 2 )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
                                    "(psk_identity_hint length)" ) );
@ -1893,7 +1893,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
    len = (*p)[0] << 8 | (*p)[1];
    *p += 2;

-    if( (*p) > end -len )
+    if( end - (*p) < (int) len )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
                                    "(psk_identity_hint length)" ) );