tls13: Add missing overread check in Certificate msg parsing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-04-07 13:22:46 +00:00 · 2022-06-10 17:03:54 +02:00 · 2022-06-10 17:03:54 +02:00 · 2b1a43c101
commit 2b1a43c101
parent e7b9b6b380
1 changed files with 1 additions and 0 deletions
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -446,6 +446,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,

    mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );

+    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, certificate_list_len );
    certificate_list_end = p + certificate_list_len;
    while( p < certificate_list_end )
    {