From 4e467098000dafa7b9ce0a55dd6243d117f6af90 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 12 Aug 2019 15:12:35 +0100
Subject: [PATCH] Document precoditions on some HS parsing/writing functions

Eventually, all HS parsing/writing functions should take an arbitrary buffer + length pair as their argument, and return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the provided buffer is too short. So far, we've only made a first step by allowing to pass an arbitrary buffer, but don't yet add bounds checks throughout. While deliberate for now, this must be clearly documented.
---
 library/ssl_cli.c | 5 +++++
 library/ssl_srv.c | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index fd6b90d2c..83e7f252c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3460,6 +3460,11 @@ static int ssl_out_client_key_exchange_prepare( mbedtls_ssl_context *ssl )
 return( 0 );
 }
 
+/* Warning: Despite accepting a length argument, this function is currently
+ * still lacking some bounds checks and assumes that `buf` has length
+ * `MBEDTLS_SSL_OUT_CONTENT_LEN`. Eventually, it should be rewritten to work
+ * with any buffer + length pair, returning MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
+ * on insufficient writing space. */
 static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
 unsigned char *buf,
 size_t buflen,
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7aaea95d0..8ffbf7c0b 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4105,6 +4105,11 @@ cleanup:
 return( ret );
 }
 
+/* Warning: Despite accepting a length argument, this function is currently
+ * still lacking some bounds checks and assumes that `buf` has length
+ * `MBEDTLS_SSL_IN_CONTENT_LEN`. Eventually, it should be rewritten to work
+ * with any buffer + length pair, returning MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
+ * on insufficient parsing space. */
 static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
 unsigned char *buf,
 size_t buflen )
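Review bot: The new warning above `ssl_out_client_key_exchange_write` states that `buflen` is not fully honoured and that `buf` must hold `MBEDTLS_SSL_OUT_CONTENT_LEN` bytes, but nothing enforces that precondition, so a caller that passes a shorter buffer still gets an out-of-bounds write instead of an error. Since the assumption is now explicit, an entry guard `if( buflen < MBEDTLS_SSL_OUT_CONTENT_LEN ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );` would turn the documented precondition into a checked one at no cost to callers that already satisfy it; this presumes the callers can propagate that error code, which the commit message implies is the intended contract. Tagging the comment with a `TODO` marker would also make the outstanding bounds checks greppable when the rewrite happens. The function body lies outside the hunk, so whether `buflen` is consulted anywhere cannot be confirmed here.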
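Review bot: The warning above `ssl_in_client_key_exchange_parse` says the function assumes `buf` spans `MBEDTLS_SSL_IN_CONTENT_LEN` bytes regardless of `buflen`, yet by its name this is a parser of peer-supplied handshake data, where a missing bound means reading past the received message rather than merely past the storage; the comment should say which bounds are still missing (storage size versus length of the message actually received) so a reader knows what is and is not protected. As on the client side, an entry guard `if( buflen < MBEDTLS_SSL_IN_CONTENT_LEN ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );` would enforce the documented storage assumption instead of leaving it to callers; whether the caller accepts that return value cannot be confirmed from the hunk. `on insufficient parsing space` reads oddly for a parser — `when the input is shorter than the message being parsed` states the condition more precisely. The function body continues outside the hunk.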