mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-11 16:13:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1207 from ronald-cron-arm/binder-overread

Browse Source 
tls13: srv: Fix potential stack buffer overread
This commit is contained in:
Gilles Peskine 2024-03-19 17:01:23 +01:00 committed by GitHub
commit 4fc5b71cbb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.d/binder-overread.txt Normal file
View File

@ -0,0 +1,4 @@
Security
* Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
malicious client could cause information disclosure or a denial of service.

8
library/ssl_tls13_server.c
View File

@ -414,6 +414,10 @@ static int ssl_tls13_offered_psks_check_binder_match(
size_t psk_len;
unsigned char server_computed_binder[PSA_HASH_MAX_SIZE];
if (binder_len != PSA_HASH_LENGTH(psk_hash_alg)) {
return SSL_TLS1_3_BINDER_DOES_NOT_MATCH;
}
/* Get current state of handshake transcript. */
ret = mbedtls_ssl_get_handshake_transcript(
ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg),
@ -443,7 +447,9 @@ static int ssl_tls13_offered_psks_check_binder_match(
server_computed_binder, transcript_len);
MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( received ): ", binder, binder_len);
if (mbedtls_ct_memcmp(server_computed_binder, binder, binder_len) == 0) {
if (mbedtls_ct_memcmp(server_computed_binder,
binder,
PSA_HASH_LENGTH(psk_hash_alg)) == 0) {
return SSL_TLS1_3_BINDER_MATCH;
}