mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 17:25:39 +00:00
Fix other int casts in bounds checking
Not a security issue as here we know the buffer is large enough (unless something else if badly wrong in the code), and the value cast to int is less than 2^16 (again, unless issues elsewhere). Still changing to a more correct check as a matter of principle
This commit is contained in:
parent
5784dd5ac8
commit
c28240596a
|
@ -1095,11 +1095,16 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
|
||||
{
|
||||
if( end - p < 2 + (int) psk_len )
|
||||
if( end - p < 2 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
*(p++) = (unsigned char)( psk_len >> 8 );
|
||||
*(p++) = (unsigned char)( psk_len );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < psk_len )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
memset( p, 0, psk_len );
|
||||
p += psk_len;
|
||||
}
|
||||
else
|
||||
|
@ -1167,11 +1172,15 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
}
|
||||
|
||||
/* opaque psk<0..2^16-1>; */
|
||||
if( end - p < 2 + (int) psk_len )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
if( end - p < 2 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
*(p++) = (unsigned char)( psk_len >> 8 );
|
||||
*(p++) = (unsigned char)( psk_len );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < psk_len )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
memcpy( p, psk, psk_len );
|
||||
p += psk_len;
|
||||
|
||||
|
|
Loading…
Reference in a new issue