mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-23 19:40:58 +00:00
Manuel Pégourié-Gonnard
parent
ee7db9cb6d
commit
6512554f42
|
|
@ -12,6 +12,9 @@ Bugfix
|
||||||
* Fix unused function warning when using MBEDTLS_MDx_ALT or
|
* Fix unused function warning when using MBEDTLS_MDx_ALT or
|
||||||
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
|
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
|
||||||
* Fix memory corruption in pkey programs (found by yankuncheng) (#210)
|
* Fix memory corruption in pkey programs (found by yankuncheng) (#210)
|
||||||
|
* Fix memory corruption on client with overlong PSK identity, around
|
||||||
|
SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by
|
||||||
|
Aleksandrs Saveljevs) (#238)
|
||||||
|
|
||||||
= mbed TLS 1.3.12 released 2015-08-11
|
= mbed TLS 1.3.12 released 2015-08-11
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1578,6 +1578,12 @@ static int ssl_write_encrypted_pms( ssl_context *ssl,
|
||||||
size_t len_bytes = ssl->minor_ver == SSL_MINOR_VERSION_0 ? 0 : 2;
|
size_t len_bytes = ssl->minor_ver == SSL_MINOR_VERSION_0 ? 0 : 2;
|
||||||
unsigned char *p = ssl->handshake->premaster + pms_offset;
|
unsigned char *p = ssl->handshake->premaster + pms_offset;
|
||||||
|
|
||||||
|
if( offset + len_bytes > SSL_MAX_CONTENT_LEN )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Generate (part of) the pre-master as
|
* Generate (part of) the pre-master as
|
||||||
* struct {
|
* struct {
|
||||||
|
|
@ -2349,6 +2355,14 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||||
|
|
||||||
i = 4;
|
i = 4;
|
||||||
n = ssl->psk_identity_len;
|
n = ssl->psk_identity_len;
|
||||||
|
|
||||||
|
if( i + 2 + n > SSL_MAX_CONTENT_LEN )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "psk identity too long or "
|
||||||
|
"SSL buffer too short" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
||||||
ssl->out_msg[i++] = (unsigned char)( n );
|
ssl->out_msg[i++] = (unsigned char)( n );
|
||||||
|
|
||||||
|
|
@ -2377,6 +2391,14 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||||
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
|
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
|
||||||
*/
|
*/
|
||||||
n = ssl->handshake->dhm_ctx.len;
|
n = ssl->handshake->dhm_ctx.len;
|
||||||
|
|
||||||
|
if( i + 2 + n > SSL_MAX_CONTENT_LEN )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
|
||||||
|
" or SSL buffer too short" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
||||||
ssl->out_msg[i++] = (unsigned char)( n );
|
ssl->out_msg[i++] = (unsigned char)( n );
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4047,6 +4047,13 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
|
||||||
if( psk_len > POLARSSL_PSK_MAX_LEN )
|
if( psk_len > POLARSSL_PSK_MAX_LEN )
|
||||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
/* Identity len will be encoded on two bytes */
|
||||||
|
if( ( psk_identity_len >> 16 ) != 0 ||
|
||||||
|
psk_identity_len > SSL_MAX_CONTENT_LEN )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
if( ssl->psk != NULL || ssl->psk_identity != NULL )
|
if( ssl->psk != NULL || ssl->psk_identity != NULL )
|
||||||
{
|
{
|
||||||
polarssl_free( ssl->psk );
|
polarssl_free( ssl->psk );
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue