Add bounds check before length read
This commit is contained in:
parent
469b882947
commit
740b218386
1 changed files with 6 additions and 0 deletions
|
@ -2057,6 +2057,12 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
|||
*
|
||||
* opaque psk_identity_hint<0..2^16-1>;
|
||||
*/
|
||||
if( (*p) > end - 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
|
||||
"(psk_identity_hint length)" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
len = (*p)[0] << 8 | (*p)[1];
|
||||
*p += 2;
|
||||
|
||||
|
|
Loading…
Reference in a new issue