Avoid wraparound on in_left
Avoid wraparound on in_left
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 027fdd2..b915776 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2434,6 +2434,14 @@
if( ret < 0 )
return( ret );
+ // At this point ret value is positive, verify that adding ret
+ // value to ssl->in_left doesn't cause a wraparound
+ if (ssl->in_left + (size_t)ret < ssl->in_left)
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "wraparound happened over in_left value" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
ssl->in_left += ret;
}
}