From c957e3b5f882214e8c81cdd28e0fd23b7e238901 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 10 Jul 2019 11:37:19 +0100
Subject: [PATCH] Remove redundant length check during record header parsing

The check is in terms of the internal input buffer length and is hence likely to be originally intended to protect against overflow of the input buffer when fetching data from the underlying transport in mbedtls_ssl_fetch_input(). For locality of reasoning, it's better to perform such a check close to where it's needed, and in fact, mbedtls_ssl_fetch_input() _does_ contain an equivalent bounds check, too, rendering the bounds check in question redundant.

---
 library/ssl_tls.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ba8ba19974..51dc603b96 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4935,13 +4935,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
      * the presence of a CID. */
     ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
 
-    if( ssl->in_msglen > MBEDTLS_SSL_IN_BUFFER_LEN
-                         - (size_t)( ssl->in_msg - ssl->in_buf ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-    }
-
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
                                 "version = [%d:%d], msglen = %d",
                                 ssl->in_msgtype,
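Review bot: With the removed branch gone, nothing visible in ssl_parse_record_header bounds `ssl->in_msglen` against the input buffer any more; the commit message says the equivalent check lives in mbedtls_ssl_fetch_input(), but that function is outside this hunk, so the reliance should be recorded at the assignment rather than left implicit. A one-line comment after `ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];` would do: `/* No buffer-bound check here: payload bytes are only reached via mbedtls_ssl_fetch_input(), which rejects lengths exceeding MBEDTLS_SSL_IN_BUFFER_LEN. */`. The protocol-level limits the preceding comment mentions (TLS version, presence of a CID) are presumably enforced further down the function; that code is not in the hunk and is worth confirming, since the deleted branch was the last check before any use of `in_msglen` here. ssl_parse_record_header begins before and continues after this hunk.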