mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 03:15:45 +01:00
Fix other int casts in bounds checking
Not a security issue as here we know the buffer is large enough (unless
something else if badly wrong in the code), and the value cast to int is less
than 2^16 (again, unless issues elsewhere).
Still changing to a more correct check as a matter of principle
backport of bc5e508
This commit is contained in:
parent
8abc22dde5
commit
5ca3640fa7
@ -949,11 +949,16 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex )
|
|||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||||
if( key_ex == POLARSSL_KEY_EXCHANGE_PSK )
|
if( key_ex == POLARSSL_KEY_EXCHANGE_PSK )
|
||||||
{
|
{
|
||||||
if( end - p < 2 + (int) ssl->psk_len )
|
if( end - p < 2 )
|
||||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
||||||
*(p++) = (unsigned char)( ssl->psk_len );
|
*(p++) = (unsigned char)( ssl->psk_len );
|
||||||
|
|
||||||
|
if( end < p || (size_t)( end - p ) < ssl->psk_len )
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
memset( p, 0, ssl->psk_len );
|
||||||
p += ssl->psk_len;
|
p += ssl->psk_len;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -1021,11 +1026,15 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* opaque psk<0..2^16-1>; */
|
/* opaque psk<0..2^16-1>; */
|
||||||
if( end - p < 2 + (int) ssl->psk_len )
|
if( end - p < 2 )
|
||||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
||||||
*(p++) = (unsigned char)( ssl->psk_len );
|
*(p++) = (unsigned char)( ssl->psk_len );
|
||||||
|
|
||||||
|
if( end < p || (size_t)( end - p ) < ssl->psk_len )
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
memcpy( p, ssl->psk, ssl->psk_len );
|
memcpy( p, ssl->psk, ssl->psk_len );
|
||||||
p += ssl->psk_len;
|
p += ssl->psk_len;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user