remove ssl_parse_client_hello redundant conditions

ext_len is unsigned and the loop over the extensions checks while( ext_len != 0 ) { if ( ext_len < 4 ) { so additional checks are redundant. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-01-29 12:32:48 +00:00 · 2021-02-02 02:21:23 -05:00 · 2021-02-02 02:21:23 -05:00 · 8a8a83b4a2
commit 8a8a83b4a2
parent 53943ca434
1 changed files with 1 additions and 10 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -1887,8 +1887,7 @@ read_record_header:
            ext_len = ( buf[ext_offset + 0] << 8 )
                    | ( buf[ext_offset + 1]      );

-            if( ( ext_len > 0 && ext_len < 4 ) ||
-                msg_len != ext_offset + 2 + ext_len )
+            if( msg_len != ext_offset + 2 + ext_len )
            {
                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@ -2079,14 +2078,6 @@ read_record_header:

            ext_len -= 4 + ext_size;
            ext += 4 + ext_size;
-
-            if( ext_len > 0 && ext_len < 4 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
        }
 #if defined(MBEDTLS_SSL_PROTO_SSL3)
    }