Verify that f_send and f_recv send and receive the expected length

Verify that f_send and f_recv send and receive the expected length Conflicts: ChangeLog
2025-01-21 22:01:05 +00:00 · 2018-03-22 02:40:43 -07:00 · 2018-03-22 02:40:43 -07:00 · cee0890b19
parent 89c12ecfb5
commit cee0890b19
2 changed files with 10 additions and 7 deletions
--- a/5
+++ b/5
@ -12,8 +12,9 @@ Bugfix
     In the context of SSL, this resulted in handshake failure. #1351

 Changes
-   * Add guard to validate that out_left can not be negative. Raised by 
-     samoconnor in #1245.
+   * Verify that when (f_send, f_recv and f_recv_timeout) send or receive 
+     more than the required length an error is returned. Raised by 
+     Sam O'Connor in #1245.

 = mbed TLS 2.1.10 branch released 2018-02-03

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2402,11 +2402,11 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
            if( ret < 0 )
                return( ret );

-            // At this point ret value is positive, verify that adding ret 
-            // value to ssl->in_left doesn't cause a wraparound
-            if (ssl->in_left + (size_t)ret < ssl->in_left)
+            if ( (size_t)ret > len )
            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "wraparound happened over in_left value" ) );
+                MBEDTLS_SSL_DEBUG_MSG( 1, 
+                    ( "f_recv returned %d bytes but only %zu were requested", 
+                    ret, len ) );
                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
            }

@ -2459,7 +2459,9 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )

        if( (size_t)ret > ssl->out_left )
        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned value greater than out left size" ) );
+            MBEDTLS_SSL_DEBUG_MSG( 1, 
+                ( "f_send returned %d bytes but only %zu bytes were sent", 
+                ret, ssl->out_left ) );
            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
        }