Fix handling of long PSK identities
fixes #238
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 80dbe8a..793d241 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5457,6 +5457,13 @@
if( psk_len > MBEDTLS_PSK_MAX_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ /* Identity len will be encoded on two bytes */
+ if( ( psk_identity_len >> 16 ) != 0 ||
+ psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
if( conf->psk != NULL || conf->psk_identity != NULL )
{
mbedtls_free( conf->psk );
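Review bot: The new bound `psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN` limits the identity alone, so an identity at or just under that limit is accepted here even though it cannot fit in an outgoing handshake message once the two-byte length prefix, the handshake header and any other key-exchange data are added. This check is therefore not sufficient by itself: the code that copies the identity into the output buffer is not shown in this hunk and presumably still needs its own remaining-space check before the copy. I would say so in the comment, e.g. `/* Identity len will be encoded on two bytes; this is only an upper bound, the writer must still check the space left in the message */`, and add a regression test that configures an over-long identity and expects `MBEDTLS_ERR_SSL_BAD_INPUT_DATA`. The enclosing function starts and ends outside the hunk.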