From 9847338429cac3aba17d919bbd53d8d0d2c21fae Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Wed, 30 Mar 2022 20:04:10 +0200
Subject: [PATCH] ssl_tls13_client.c: Add check in supported_versions parsing

Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 library/ssl_tls13_client.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 7c1f95e5c9..77c79409c2 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -100,7 +100,7 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
 {
     ((void) ssl);
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2);
+    MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 );
     if( buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 ||
         buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 )
     {
@@ -111,6 +111,14 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
         return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
     }
 
+    if( &buf[2] != end )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "supported_versions ext data length incorrect" ) );
+        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
+        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    }
+
     return( 0 );
 }