commit c8df898204584e92b9e5001847788d899b34353d
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Oct 02 14:58:16 2023 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Mon Oct 02 15:02:33 2023 +0200
tree 04c74921edebc1b921d990db19f228f6023aa2e3
parent 12c5aaae574114cf4883d0e21aa0045b0a606110

Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing

Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When
MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH
or ECDHE key exchange was not validated. This could result in an overflow of
handshake->xxdh_psa_peerkey, overwriting further data in the handshake
structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/ssl_tls12_server.c

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index d2143ac..ed2fbd1 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3734,6 +3734,11 @@
         }
 
         /* Store peer's ECDH public key. */
+        MBEDTLS_SSL_DEBUG_MSG(3, ("data_len=%zu sizeof(handshake->xxdh_psa_peerkey)=%zu", data_len, sizeof(handshake->xxdh_psa_peerkey)));
+        if (data_len > sizeof(handshake->xxdh_psa_peerkey)) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid data length"));
+            return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+        }
         memcpy(handshake->xxdh_psa_peerkey, p, data_len);
         handshake->xxdh_psa_peerkey_len = data_len;