Uniformize bounds checks using new macro

This commit uses the previously defined macro to uniformize bounds checks in several places. It also adds bounds checks to the ClientHello writing function that were previously missing. Also, the functions adding extensions to the ClientHello message can now fail if the buffer is too small or a different error condition occurs, and moreover they take an additional buffer end parameter to free them from the assumption that one is writing to the default output buffer. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-29 11:41:15 +03:00 · 2017-04-12 14:54:42 +01:00
parent 51018aab56
commit 261602cb34
4 changed files with 271 additions and 181 deletions
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@ -35,6 +35,7 @@
 #define mbedtls_free      free
 #endif

+#include "mbedtls/ssl_internal.h"
 #include "mbedtls/ssl_ticket.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
@ -224,8 +225,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket,

    /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
     * in addition to session itself, that will be checked when writing it. */
-    if( end - start < TICKET_MIN_LEN )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN );

 #if defined(MBEDTLS_THREADING_C)
    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )