Get PSK length & check for buffer size before writing in ECDHE-PSK PSA version of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index f5473f4..e68830e 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -3130,10 +3130,6 @@
MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 );
pms += zlen_size + zlen;
- /* opaque psk<0..2^16-1>; */
- if( pms_end - pms < 2 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
const unsigned char *psk = NULL;
size_t psk_len = 0;
@@ -3145,13 +3141,14 @@
*/
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ /* opaque psk<0..2^16-1>; */
+ if( (size_t)( pms_end - pms ) < ( 2 + psk_len ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
/* Write the PSK length as uint16 */
MBEDTLS_PUT_UINT16_BE( psk_len, pms, 0 );
pms += 2;
- if( pms_end < pms || (size_t)( pms_end - pms ) < psk_len )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
/* Write the PSK itself */
memcpy( pms, psk, psk_len );
pms += psk_len;
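Review bot: The combined check `if( (size_t)( pms_end - pms ) < ( 2 + psk_len ) )` no longer carries the `pms_end < pms` guard that the removed post-length check had, so if `pms` were ever past `pms_end` the negative difference would cast to a very large size_t and the test would pass ahead of the `memcpy`. Whether that state is reachable depends on the bounds checks made before `pms += zlen_size + zlen`, which are outside this hunk, as are the start and end of the enclosing function. I would keep the guard and compare by subtraction rather than by adding to `psk_len`: `if( pms_end < pms || (size_t)( pms_end - pms ) < 2 || (size_t)( pms_end - pms ) - 2 < psk_len )`. A one-line comment noting that `psk_len` is expected to fit in the 16-bit length field written by `MBEDTLS_PUT_UINT16_BE` would also help, since that bound is presumably enforced elsewhere and is not visible here.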