yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()

Browse source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-04-05 10:01:15 +02:00
parent e18ff952a7
commit 3cae167e6a
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
library/ssl_tls12_server.c
View file

@ -4057,8 +4057,15 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
}
/* Keep a copy of the peer's public key */
if( p >= end )
{
psa_destroy_key( handshake->ecdh_psa_privkey );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
ecpoint_len = *(p++);
if( (size_t)( end - *p ) < ecpoint_len ) {
if( (size_t)( end - p ) < ecpoint_len ) {
psa_destroy_key( handshake->ecdh_psa_privkey );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( MBEDTLS_ERR_SSL_DECODE_ERROR );