lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

ssl_buffering_free_slot(): Double-check validity of slot index

Browse Source
This commit is contained in:
Hanno Becker
2018-08-23 13:18:05 +01:00
parent 12b72c182e
commit b309b92ee8
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
library/ssl_tls.c
View File

@@ -4493,7 +4493,7 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message", MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message",
offset ) ); offset ) );
ssl_buffering_free_slot( ssl, offset ); ssl_buffering_free_slot( ssl, (uint8_t) offset );
/* Check if we have enough space available now. */ /* Check if we have enough space available now. */
if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
@@ -8681,6 +8681,10 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
{ {
mbedtls_ssl_handshake_params * const hs = ssl->handshake; mbedtls_ssl_handshake_params * const hs = ssl->handshake;
mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot]; mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot];
if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS )
return;
if( hs_buf->is_valid == 1 ) if( hs_buf->is_valid == 1 )
{ {
hs->buffering.total_bytes_buffered -= hs_buf->data_len; hs->buffering.total_bytes_buffered -= hs_buf->data_len;