Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge-2.1' into mbedtls-2.1-restricted
diff --git a/ChangeLog b/ChangeLog
index fd20271..6e82bdf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,5 @@
mbed TLS ChangeLog (Sorted per branch, date)
-
= mbed TLS 2.1.10 branch released 2017-xx-xx
Security
@@ -9,6 +8,8 @@
Security Initiative, Qualcomm Technologies Inc.
* Fix buffer overflow in RSA-PSS verification when the unmasked
data is all zeros.
+ * Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding
+ 64kB to the address of the SSL buffer wraps around.
Bugfix
* Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1002adf..20d0760 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3249,7 +3249,7 @@
/*
* Receive client pre-shared key identity name
*/
- if( *p + 2 > end )
+ if( end - *p < 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
@@ -3258,7 +3258,7 @@
n = ( (*p)[0] << 8 ) | (*p)[1];
*p += 2;
- if( n < 1 || n > 65535 || *p + n > end )
+ if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );