Do not allow configuring zero-length PSK

fix error when calloc is called with size 0
2025-07-29 11:41:15 +03:00 · 2019-11-20 14:54:36 +01:00
parent 5d74241b54
commit 9926eaf695
3 changed files with 28 additions and 14 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -9171,8 +9171,13 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
    ssl_conf_remove_psk( conf );

    /* Check and set raw PSK */
-    if( psk == NULL || psk_len > MBEDTLS_PSK_MAX_LEN )
+    if( psk == NULL )
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if( psk_len == 0 )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if( psk_len > MBEDTLS_PSK_MAX_LEN )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
    if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
    conf->psk_len = psk_len;