Avoid seemingly-possible overflow
By looking just at that test, it looks like 2 + dn_size could overflow. In fact that can't happen, as that would mean we've read a CA cert whose size is too big to be represented by a size_t. However, it's best for code to be more obviously free of overflow without having to reason about the bigger picture.
parent
acbb050118
commit
7f17155ac6
|
@ -2584,7 +2584,9 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
dn_size = crt->subject_raw.len;
|
dn_size = crt->subject_raw.len;
|
||||||
|
|
||||||
if( end < p || (size_t)( end - p ) < 2 + dn_size )
|
if( end < p ||
|
||||||
|
(size_t)( end - p ) < dn_size ||
|
||||||
|
(size_t)( end - p ) < 2 + dn_size )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
|
||||||
break;
|
break;
|
||||||
|
|
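Review bot: The added middle condition `(size_t)( end - p ) < dn_size` makes the following `2 + dn_size` safe only through an unstated argument: once it passes, dn_size is bounded by a pointer difference, so adding 2 cannot wrap (assuming dn_size is a size_t, whose declaration is outside the hunk). Without a comment the line reads as redundant and could be dropped in a later cleanup. A subtraction form cannot wrap by construction and needs no such reasoning: `if( end < p || (size_t)( end - p ) < 2 || (size_t)( end - p ) - 2 < dn_size )`. If the three-condition form is kept, a comment above it such as `/* Check dn_size alone first so that 2 + dn_size cannot wrap. */` would record why the order matters. The loop in ssl_write_certificate_request starts and ends outside the hunk, so the writes this check guards are not visible here.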