From 0851ec93444b55b1dbb0db7cec3c4845f9cefcd3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 15:15:20 +0100 Subject: [PATCH] Fix end check before memmove Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 9d8857dfa6..ad3bf57592 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3121,7 +3121,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) #else size_t const in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - if (payload_end + ssl->in_hsfraglen > ssl->in_buf + in_buf_len) { + if (payload_end + ssl->in_msglen > ssl->in_buf + in_buf_len) { MBEDTLS_SSL_DEBUG_MSG(1, ("Shouldn't happen: no room to move handshake fragment %" MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%"