Add signature algorithm length check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 7ef3ec1..85270c4 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -256,8 +256,11 @@
: ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
)
-/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
-#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
+/* Maximum size in bytes of list in signature algorithms ext., RFC 5246/8446 */
+#define MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN 65534
+
+/* Minimue size in bytes of list in signature algorithms ext., RFC 5246/8446 */
+#define MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN 2
/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bb2b47e..e398f48 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3160,7 +3160,7 @@
{
const int *md;
const int *sig_hashes = ssl->conf->sig_hashes;
- size_t sig_algs_len = sizeof( uint16_t );
+ size_t sig_algs_len = 0;
uint16_t *p;
for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
@@ -3175,10 +3175,13 @@
#endif
}
- if( sig_algs_len == sizeof( uint16_t ) )
+ if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN ||
+ sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN )
+ {
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ }
- ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len );
+ ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len + 2 );
if( ssl->handshake->sig_algs == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );