From 2d87a9eeb551fe6d5c447374283eb163f33ab4a9 Mon Sep 17 00:00:00 2001
From: Xiaokang Qian
Date: Wed, 9 Nov 2022 07:55:48 +0000
Subject: [PATCH] Pend one alert in case wrong EXT_EARLY_DATA length
Signed-off-by: Xiaokang Qian
---
 library/ssl_tls13_client.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index f68b240803..4935fbf4e5 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -2542,9 +2542,18 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
 {
 case MBEDTLS_TLS_EXT_EARLY_DATA:
 MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) );
- if( extension_data_len == 4 && ssl->session != NULL )
+ if( extension_data_len != 4 )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+ MBEDTLS_ERR_SSL_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+ if( ssl->session != NULL )
+ {
 ssl->session->ticket_flags |= MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA;
+ }
 break;
 default:
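Review bot: The new length check in the `MBEDTLS_TLS_EXT_EARLY_DATA` case confirms that the extension body is 4 bytes, but nothing in the visible lines reads those bytes, so `MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA` is set without the server's `max_early_data_size` limit being kept. If no code outside the hunk stores it, the client has no bound to enforce when it later sends 0-RTT data with this ticket; the value should be read here and kept with the ticket flags. The literal `4` also deserves a comment such as `/* early_data in NewSessionTicket is one uint32 max_early_data_size (RFC 8446, 4.2.10) */`. The `ssl->session == NULL` path now skips the flag silently, which may merit a debug message. The rest of `ssl_tls13_parse_new_session_ticket_exts` lies outside the hunk.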