No memmove: ssl_parse_certificate()
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b43acaa..36e9e40 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2977,8 +2977,6 @@
return( ret );
}
- ssl_hs_rm_dtls_hdr( ssl );
-
ssl->state++;
#if defined(POLARSSL_SSL_PROTO_SSL3)
@@ -3032,18 +3030,22 @@
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
- if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 )
+ if( ssl->in_msg[0] != SSL_HS_CERTIFICATE ||
+ ssl->in_hslen < ssl_hs_hdr_len( ssl ) + 3 + 3 )
{
SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
+ i = ssl_hs_hdr_len( ssl );
+
/*
* Same message structure as in ssl_write_certificate()
*/
- n = ( ssl->in_msg[5] << 8 ) | ssl->in_msg[6];
+ n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2];
- if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n )
+ if( ssl->in_msg[i] != 0 ||
+ ssl->in_hslen != n + 3 + ssl_hs_hdr_len( ssl ) )
{
SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
@@ -3066,7 +3068,7 @@
x509_crt_init( ssl->session_negotiate->peer_cert );
- i = 7;
+ i += 3;
while( i < ssl->in_hslen )
{