ssl_tls13_client.c: Add check in supported_versions parsing Add check in ServerHello supported_versions parsing that the length of the extension data is exactly two. Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: 9847338429cac3aba17d919bbd53d8d0d2c21fae [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Wed Mar 30 20:04:10 2022 +0200
committer: Ronald Cron <ronald.cron@arm.com> Thu Mar 31 09:33:41 2022 +0200
tree: a25c62e9759af08d1fbf6ceba042de63d0410c2b
parent: 1fa4f6863b7a4934da552068a4577e8126e1d7c1 [diff] [blame]
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 7c1f95e..77c7940 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c

@@ -100,7 +100,7 @@
 {
     ((void) ssl);
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2);
+    MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 );
     if( buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 ||
         buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 )
     {
@@ -111,6 +111,14 @@
         return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
     }
 
+    if( &buf[2] != end )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "supported_versions ext data length incorrect" ) );
+        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
+        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    }
+
     return( 0 );
 }
commit	9847338429cac3aba17d919bbd53d8d0d2c21fae	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Wed Mar 30 20:04:10 2022 +0200
committer	Ronald Cron <ronald.cron@arm.com>	Thu Mar 31 09:33:41 2022 +0200
tree	a25c62e9759af08d1fbf6ceba042de63d0410c2b
parent	1fa4f6863b7a4934da552068a4577e8126e1d7c1 [diff] [blame]