lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Fix possible buffer overflow with PSK

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard
2014-03-25 16:28:12 +01:00
committed by Paul Bakker
parent fdddac90a6
commit b2bf5a1bbb
3 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
library/ssl_tls.c
View File

@ -916,6 +916,9 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex )
}
/* opaque psk<0..2^16-1>; */
if( end - p < 2 + (int) ssl->psk_len )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
*(p++) = (unsigned char)( ssl->psk_len );
memcpy( p, ssl->psk, ssl->psk_len );
@ -3784,6 +3787,14 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
if( psk == NULL || psk_identity == NULL )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
/*
* The length will be check later anyway, but in case it is obviously
* too large, better abort now. The PMS is as follows:
* other_len (2 bytes) + other + psk_len (2 bytes) + psk
*/
if( psk_len + 4 > POLARSSL_PREMASTER_SIZE )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
if( ssl->psk != NULL )
{
polarssl_free( ssl->psk );