Add a safety check for in_hsfraglen

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
2025-03-09 01:13:42 +00:00 · 2025-01-27 22:37:37 +04:00 · 2025-01-27 22:37:37 +04:00 · 85ec2b3632
commit 85ec2b3632
parent 5c853ea2c5
1 changed files with 3 additions and 0 deletions
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -3298,6 +3298,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
    } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
    {
+        if (ssl->in_hsfraglen > ssl->in_hslen) {
+            return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+        }
        int ret;
        const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
        MBEDTLS_SSL_DEBUG_MSG(3,