Prevent arithmetic overflow on bounds check

commit: 8e0b1166b67abc55abfb4969d11d01fc47d940a8 [log] [tgz]
author: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com> Wed Mar 14 11:21:35 2018 +0100
committer: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com> Wed Mar 14 11:21:35 2018 +0100
tree: 2f33266c5368ca47f5beb42cab1c041fc4f04366
parent: 9e1839bc43536c20cc15dabca0fc8cacebb44f88 [diff] [blame]
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 585750e..759a456 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -2066,7 +2066,7 @@
     len = (*p)[0] << 8 | (*p)[1];
     *p += 2;
 
-    if( (*p) + len > end )
+    if( (*p) > end - len )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
                                     "(psk_identity_hint length)" ) );
commit	8e0b1166b67abc55abfb4969d11d01fc47d940a8	[log] [tgz]
author	Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>	Wed Mar 14 11:21:35 2018 +0100
committer	Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>	Wed Mar 14 11:21:35 2018 +0100
tree	2f33266c5368ca47f5beb42cab1c041fc4f04366
parent	9e1839bc43536c20cc15dabca0fc8cacebb44f88 [diff] [blame]