Add a safety check for in_hsfraglen Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>

commit: 85ec2b36326cdefdbc11bd57c002c70fd9fe1d70 [log] [tgz]
author: Deomid rojer Ryabkov <rojer@rojer.me> Mon Jan 27 22:37:37 2025 +0400
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon Feb 17 15:59:04 2025 +0100
tree: e557764587060bb8963930b44f219ed1badec74a
parent: 5c853ea2c557c8b68c8ae75ea068ff8073b1185e [diff] [blame]
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 83920f6..fcab63e 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c

@@ -3298,6 +3298,9 @@
     } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     {
+        if (ssl->in_hsfraglen > ssl->in_hslen) {
+            return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+        }
         int ret;
         const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
         MBEDTLS_SSL_DEBUG_MSG(3,
commit	85ec2b36326cdefdbc11bd57c002c70fd9fe1d70	[log] [tgz]
author	Deomid rojer Ryabkov <rojer@rojer.me>	Mon Jan 27 22:37:37 2025 +0400
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Feb 17 15:59:04 2025 +0100
tree	e557764587060bb8963930b44f219ed1badec74a
parent	5c853ea2c557c8b68c8ae75ea068ff8073b1185e [diff] [blame]