Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

mbedtls: Add bounds check before length read

Browse source 
This is part of the patch for CVE-2018-9989.
Cherry-picked from 740b218386
Ref. https://github.com/espressif/esp-idf/issues/1860
This commit is contained in:
Ivan Grokhotkov 2018-04-19 11:51:27 +08:00
parent ffab6084f0
commit 8de29499ce
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
components/mbedtls/library/ssl_cli.c
View file

@ -2049,6 +2049,12 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
*
* opaque psk_identity_hint<0..2^16-1>;
*/
if( (*p) > end - 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
len = (*p)[0] << 8 | (*p)[1];
*p += 2;