mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 15:14:17 +01:00
Fix other int casts in bounds checking
Not a security issue as here we know the buffer is large enough (unless
something else if badly wrong in the code), and the value cast to int is less
than 2^16 (again, unless issues elsewhere).
Still changing to a more correct check as a matter of principle
backport of bc5e508
This commit is contained in:
parent
8abc22dde5
commit
5ca3640fa7
@ -949,11 +949,16 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex )
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||
if( key_ex == POLARSSL_KEY_EXCHANGE_PSK )
|
||||
{
|
||||
if( end - p < 2 + (int) ssl->psk_len )
|
||||
if( end - p < 2 )
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
||||
*(p++) = (unsigned char)( ssl->psk_len );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < ssl->psk_len )
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
memset( p, 0, ssl->psk_len );
|
||||
p += ssl->psk_len;
|
||||
}
|
||||
else
|
||||
@ -1021,11 +1026,15 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex )
|
||||
}
|
||||
|
||||
/* opaque psk<0..2^16-1>; */
|
||||
if( end - p < 2 + (int) ssl->psk_len )
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
if( end - p < 2 )
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
||||
*(p++) = (unsigned char)( ssl->psk_len );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < ssl->psk_len )
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
memcpy( p, ssl->psk, ssl->psk_len );
|
||||
p += ssl->psk_len;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user