Fix buffer overflow in TLS 1.3 ECDH public key parsing Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The length of the public key in an ECDH- or FFDH-based key exchange was not validated. This could result in an overflow of handshake->xxdh_psa_peerkey, overwriting further data in the handshake structure or further on the heap. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 12c5aaae574114cf4883d0e21aa0045b0a606110 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Mon Oct 02 14:55:45 2023 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon Oct 02 15:02:10 2023 +0200
tree: 8fecae67451c82e30934dd409b40e87e46f5cc65
parent: 3a098e90902a1c4922490b16d45ee882636a8d38 [diff] [blame]
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 81fa514..dc88c4f 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c

@@ -1516,7 +1516,10 @@
     /* Check if key size is consistent with given buffer length. */
     MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, peerkey_len);
 
-    /* Store peer's ECDH public key. */
+    /* Store peer's ECDH/FFDH public key. */
+    if (peerkey_len > sizeof(handshake->xxdh_psa_peerkey)) {
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+    }
     memcpy(handshake->xxdh_psa_peerkey, p, peerkey_len);
     handshake->xxdh_psa_peerkey_len = peerkey_len;
commit	12c5aaae574114cf4883d0e21aa0045b0a606110	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Oct 02 14:55:45 2023 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Oct 02 15:02:10 2023 +0200
tree	8fecae67451c82e30934dd409b40e87e46f5cc65
parent	3a098e90902a1c4922490b16d45ee882636a8d38 [diff] [blame]