commit 1a2640c0250848737fdb5a371cf71b1e6424b939
author Gilles Peskine <Gilles.Peskine@arm.com> Thu Nov 23 18:58:30 2017 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Thu Nov 23 18:58:30 2017 +0100
tree 0b75f6f7e62942ef2b29d860135b678ad2438b4c
parent bfa8df4c7e66b4975431b967f8e660b33ab10132
parent dab611a7b181ebc1f80c731b5f86895b1ece1cfe

Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge' into development-restricted

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 94e64d7..f41af12 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,8 @@
      Security Initiative, Qualcomm Technologies Inc.
    * Fix buffer overflow in RSA-PSS verification when the unmasked
      data is all zeros.
+   * Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding
+     64kB to the address of the SSL buffer wraps around.
 
 Features
    * Allow comments in test data files.

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 37f415d..de3ea80 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3433,7 +3433,7 @@
     /*
      * Receive client pre-shared key identity name
      */
-    if( *p + 2 > end )
+    if( end - *p < 2 )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
@@ -3442,7 +3442,7 @@
     n = ( (*p)[0] << 8 ) | (*p)[1];
     *p += 2;
 
-    if( n < 1 || n > 65535 || *p + n > end )
+    if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );