Fix possible integer overflows before widening

When calculating a result to go into an mbedtls_ms_time_t, make sure that arithmetic is performed at the final size to prevent overflow. Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-07-29 11:41:15 +03:00 · 2023-12-06 17:22:53 +00:00
parent d9c69d12ac
commit 4749007f64
2 changed files with 4 additions and 2 deletions
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@ -510,7 +510,8 @@ int mbedtls_ssl_ticket_parse(void *p_ticket,
        }
 #endif

-        mbedtls_ms_time_t ticket_lifetime = ctx->ticket_lifetime * 1000;
+        mbedtls_ms_time_t ticket_lifetime =
+            (mbedtls_ms_time_t) ctx->ticket_lifetime * 1000;

        if (ticket_age < 0 || ticket_age > ticket_lifetime) {
            ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;