From 189a01309ffd773fc75767b8a2b45e67b56be27b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Apr 2019 16:47:57 +0100 Subject: [PATCH] Check static bounds of CID lengths in check_config.h --- include/mbedtls/check_config.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index d8b0786c0..b8b327c99 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -646,6 +646,18 @@ #error "MBEDTLS_SSL_CID defined, but not all prerequisites" #endif +#if defined(MBEDTLS_SSL_CID) && \ + defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \ + MBEDTLS_SSL_CID_IN_LEN_MAX > 255 +#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)" +#endif + +#if defined(MBEDTLS_SSL_CID) && \ + defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \ + MBEDTLS_SSL_CID_OUT_LEN_MAX > 255 +#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)" +#endif + #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \ ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) #error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"