Add a length check in ssl_derive_keys()

2025-04-19 19:51:41 +00:00 · 2014-07-07 15:30:20 +02:00 · 2014-07-07 15:30:20 +02:00 · 4091141368
parent 511d809dd1
commit 4091141368
1 changed files with 6 additions and 0 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -526,6 +526,12 @@ int ssl_derive_keys( ssl_context *ssl )
                   transform->keylen, transform->minlen, transform->ivlen,
                   transform->maclen ) );

+    if( transform->maclen > sizeof transform->mac_enc )
+    {
+        SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+    }
+
    /*
     * Finally setup the cipher contexts, IVs and MAC secrets.
     */