From bab079e85e7ec3ba476e9fc867f0c86d8d2a6b13 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 Oct 2018 13:40:50 +0100 Subject: [PATCH] Fix bounds check in ssl_parse_server_psk_hint() In the previous bounds check `(*p) > end - len`, the computation of `end - len` might underflow if `end` is within the first 64KB of the address space (note that the length `len` is controlled by the peer). In this case, the bounds check will be bypassed, leading to `*p` exceed the message bounds by up to 64KB when leaving `ssl_parse_server_psk_hint()`. In a pure PSK-based handshake, this doesn't seem to have any consequences, as `*p*` is not accessed afterwards. In a PSK-(EC)DHE handshake, however, `*p` is read from in `ssl_parse_server_ecdh_params()` and `ssl_parse_server_dh_params()` which might lead to an application crash of information leakage. --- library/ssl_cli.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8e5c02b25..2be66ef85 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1884,7 +1884,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, * * opaque psk_identity_hint<0..2^16-1>; */ - if( (*p) > end - 2 ) + if( end - (*p) < 2 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " "(psk_identity_hint length)" ) ); @@ -1893,7 +1893,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, len = (*p)[0] << 8 | (*p)[1]; *p += 2; - if( (*p) > end -len ) + if( end - (*p) < len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " "(psk_identity_hint length)" ) );