Avoid false positives in bounds check
The size of the buffer already accounts for the extra data before the actual
message, so the allowed length is SSL_MAX_CONTENT_LEN starting from _msg
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 8be7ac5..ce833ef 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2062,7 +2062,7 @@
{
int ret;
unsigned char *p = buf;
- const unsigned char *end = ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN;
+ const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
size_t kkpp_len;
*olen = 0;
@@ -2679,7 +2679,7 @@
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
size_t jlen;
- const unsigned char *end = ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN;
+ const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
p, end - p, &jlen, ssl->conf->f_rng, ssl->conf->p_rng );