Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge-2.1' into mbedtls-2.1-restricted

2025-01-08 08:55:29 +00:00 · 2017-11-23 19:06:29 +01:00 · 2017-11-23 19:06:29 +01:00 · a90c3da42f
parent aed00f7bf7 86eece9e87
commit a90c3da42f
2 changed files with 4 additions and 3 deletions
--- a/3
+++ b/3
@ -1,6 +1,5 @@
 mbed TLS ChangeLog (Sorted per branch, date)

-
 = mbed TLS 2.1.10 branch released 2017-xx-xx

 Security
@ -9,6 +8,8 @@ Security
     Security Initiative, Qualcomm Technologies Inc.
   * Fix buffer overflow in RSA-PSS verification when the unmasked
     data is all zeros.
+   * Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding
+     64kB to the address of the SSL buffer wraps around.

 Bugfix
   * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -3249,7 +3249,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
    /*
     * Receive client pre-shared key identity name
     */
-    if( *p + 2 > end )
+    if( end - *p < 2 )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
@ -3258,7 +3258,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
    n = ( (*p)[0] << 8 ) | (*p)[1];
    *p += 2;

-    if( n < 1 || n > 65535 || *p + n > end )
+    if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );