Fix bug in ssl_write_supported_elliptic_curves_ext
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
diff --git a/ChangeLog b/ChangeLog
index a2fae0d..ec53df4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@
* Fix issue that caused a hang when generating RSA keys of odd bitlength
* Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer
dereference possible.
+ * Fix issue that caused a crash if invalid curves were passed to
+ mbedtls_ssl_conf_curves. #373
Changes
* On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 09fc337..1d8b33f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -269,6 +269,12 @@
for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
{
#endif
+ if( info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
+ return;
+ }
+
elliptic_curve_len += 2;
}
@@ -288,7 +294,6 @@
for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
{
#endif
-
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
}