From 2b1a43c1011a03ae0050273b390cccd6d78853fc Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Fri, 10 Jun 2022 17:03:54 +0200
Subject: [PATCH] tls13: Add missing overread check in Certificate msg parsing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 library/ssl_tls13_generic.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 2ddefc3d44..7d0559bc22 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -446,6 +446,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
 
     mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
 
+    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, certificate_list_len );
     certificate_list_end = p + certificate_list_len;
     while( p < certificate_list_end )
     {