From 89c12ecfb596a3ce050dba61b5c7c5c508a27d8f Mon Sep 17 00:00:00 2001
From: mohammad1603
Date: Mon, 19 Mar 2018 07:15:50 -0700
Subject: [PATCH] Avoid wraparound on in_left

Avoid wraparound on in_left
---
 library/ssl_tls.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7f51bee78..3f1c40617 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2402,6 +2402,14 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
 if( ret < 0 )
 return( ret );
 
+ // At this point ret value is positive, verify that adding ret
+ // value to ssl->in_left doesn't cause a wraparound
+ if (ssl->in_left + (size_t)ret < ssl->in_left)
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "wraparound happened over in_left value" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
 ssl->in_left += ret;
 }
 }
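Review bot: The added guard `ssl->in_left + (size_t)ret < ssl->in_left` only detects `size_t` wraparound, so a receive callback that reports more bytes than were requested would still advance `in_left` past `nb_want` without tripping it. Because `ret` is an `int`, wraparound needs `in_left` to be close to `SIZE_MAX` already, whereas an over-long return is the case that could later cause accesses beyond the input buffer. Bounding against the request covers both, e.g. `if( (size_t) ret > nb_want - ssl->in_left )`, assuming the enclosing loop (which starts outside this hunk) guarantees `in_left < nb_want` here. The comment's "ret value is positive" is also stronger than the visible `ret < 0` check establishes, and the `if (` spacing and `//` comments differ from the surrounding `if( ... )` style.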