Backport 2.1: Add guard to out_left to avoid negative values
Return error when f_send returns a value greater than out_left
diff --git a/ChangeLog b/ChangeLog
index cf6331f..a02f6df 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,8 +11,14 @@
with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
In the context of SSL, this resulted in handshake failure. #1351
+Changes
+ * Add guard to validate that out_left can not be negative. Raised by
+ samoconnor in #1245.
+
+
= mbed TLS 2.1.10 branch released 2018-02-03
+
Security
* Fix a heap corruption issue in the implementation of the truncated HMAC
extension. When the truncated HMAC extension is enabled and CBC is used,
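Review bot: The new ChangeLog entry ("Add guard to validate that out_left can not be negative") describes the effect on out_left rather than the condition that is checked or what a caller will observe. Suggest wording it around the behaviour: an error (MBEDTLS_ERR_SSL_INTERNAL_ERROR) is now returned when the f_send callback reports more bytes sent than out_left. The hunk also adds two blank lines after the entry and another after the "= mbed TLS 2.1.10 branch released 2018-02-03" header; a single separator line after the entry is enough and the rest of the whitespace-only additions can be dropped.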
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7193809..7f51bee 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2449,6 +2449,12 @@
if( ret <= 0 )
return( ret );
+ if( (size_t)ret > ssl->out_left )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned value greater than out left size" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
ssl->out_left -= ret;
}
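Review bot: The debug message in the new `if( (size_t)ret > ssl->out_left )` block says that f_send over-reported but not by how much; including ret and ssl->out_left in the message would make a misbehaving send callback much easier to diagnose. The `(size_t)ret` cast is only safe because of the `if( ret <= 0 ) return( ret );` directly above, so a short comment saying so would protect it from later reordering. No test accompanies the check in this patch; a case with a send callback that returns more than the length it was asked to send would cover the new error path.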