yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-11 00:05:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add length checks in parse_certificate_verify()

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-09-10 14:27:21 +00:00 committed by Paul Bakker
parent 72226214b1
commit 5ee96546de
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
library/ssl_srv.c
View file

@ -3330,6 +3330,12 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
#if defined(POLARSSL_SSL_PROTO_TLS1_2) #if defined(POLARSSL_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
{ {
if( i + 2 > ssl->in_hslen )
{
SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
}
/* /*
* Hash * Hash
*/ */
@ -3376,6 +3382,12 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
} }
if( i + 2 > ssl->in_hslen )
{
SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
}
sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1];
i += 2; i += 2;