yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-02 10:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Do not allow configuring zero-length PSK

Browse source 
fix error when calloc is called with size 0
This commit is contained in:
Piotr Nowicki 2019-11-20 14:54:36 +01:00
parent 5d74241b54
commit 9926eaf695
3 changed files with 28 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
library/ssl_tls.c
View file

@ -9171,8 +9171,13 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
ssl_conf_remove_psk( conf ); ssl_conf_remove_psk( conf );
/* Check and set raw PSK */ /* Check and set raw PSK */
if( psk == NULL || psk_len > MBEDTLS_PSK_MAX_LEN ) if( psk == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( psk_len == 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( psk_len > MBEDTLS_PSK_MAX_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
conf->psk_len = psk_len; conf->psk_len = psk_len;

16
programs/ssl/ssl_client2.c
View file

@ -194,7 +194,8 @@ int main( void )
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
#define USAGE_PSK_RAW \ #define USAGE_PSK_RAW \
" psk=%%s default: \"\" (in hex, without 0x)\n" \ " psk=%%s default: \"\" (disabled)\n" \
" The PSK values are in hex, without 0x.\n" \
" psk_identity=%%s default: \"Client_identity\"\n" " psk_identity=%%s default: \"Client_identity\"\n"
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USAGE_PSK_SLOT \ #define USAGE_PSK_SLOT \
@ -2374,14 +2375,17 @@ int main( int argc, char *argv[] )
} }
else else
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len, if( psk_len > 0 )
(const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
ret ); (const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret );
goto exit; goto exit;
} }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
if( opt.min_version != DFL_MIN_VERSION ) if( opt.min_version != DFL_MIN_VERSION )

11
programs/ssl/ssl_server2.c
View file

@ -259,7 +259,8 @@ int main( void )
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
#define USAGE_PSK_RAW \ #define USAGE_PSK_RAW \
" psk=%%s default: \"\" (in hex, without 0x)\n" \ " psk=%%s default: \"\" (disabled)\n" \
" The PSK values are in hex, without 0x.\n" \
" psk_list=%%s default: \"\"\n" \ " psk_list=%%s default: \"\"\n" \
" A list of (PSK identity, PSK value) pairs.\n" \ " A list of (PSK identity, PSK value) pairs.\n" \
" The PSK values are in hex, without 0x.\n" \ " The PSK values are in hex, without 0x.\n" \
@ -3364,14 +3365,18 @@ int main( int argc, char *argv[] )
} }
else else
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len, if( psk_len > 0 )
{
ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
(const unsigned char *) opt.psk_identity, (const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) ) ) != 0 ) strlen( opt.psk_identity ) );
if( ret != 0 )
{ {
mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret ); mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret );
goto exit; goto exit;
} }
} }
}
if( opt.psk_list != NULL ) if( opt.psk_list != NULL )
{ {