From 611ac771278e0f720ff2d1de4cd68ffe0e2dfa55 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 14 May 2019 11:45:26 +0100 Subject: [PATCH] Fix mbedtls_ssl_conf_cid() to not depend on macro constant values The previous implementation of mbedtls_ssl_conf_cid() relied on MBEDTLS_SSL_UNEXPECTED_CID_IGNORE being defined as 1. --- library/ssl_tls.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4cdad6c90e..8a796b5aaa 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -127,8 +127,13 @@ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, if( len > MBEDTLS_SSL_CID_IN_LEN_MAX ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - conf->ignore_unexpected_cid = - ( ignore_other_cid == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ); + if( ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL && + ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ) + { + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + conf->ignore_unexpected_cid = ignore_other_cid; conf->cid_len = len; return( 0 ); }