mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-28 09:39:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-04-05 10:01:15 +02:00
parent e18ff952a7
commit 3cae167e6a
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
library/ssl_tls12_server.c
View File

@ -4057,8 +4057,15 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
} }
/* Keep a copy of the peer's public key */ /* Keep a copy of the peer's public key */
if( p >= end )
{
psa_destroy_key( handshake->ecdh_psa_privkey );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
ecpoint_len = *(p++); ecpoint_len = *(p++);
if( (size_t)( end - *p ) < ecpoint_len ) { if( (size_t)( end - p ) < ecpoint_len ) {
psa_destroy_key( handshake->ecdh_psa_privkey ); psa_destroy_key( handshake->ecdh_psa_privkey );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );