mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 17:05:36 +01:00
Avoid seemingly-possible overflow
By looking just at that test, it looks like 2 + dn_size could overflow. In fact that can't happen as that would mean we've read a CA cert of size is too big to be represented by a size_t. However, it's best for code to be more obviously free of overflow without having to reason about the bigger picture.
This commit is contained in:
parent
7da96958a6
commit
7f890c3e96
@ -2474,7 +2474,9 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
dn_size = crt->subject_raw.len;
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 2 + dn_size )
|
||||
if( end < p ||
|
||||
(size_t)( end - p ) < dn_size ||
|
||||
(size_t)( end - p ) < 2 + dn_size )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
|
||||
break;
|
||||
|
Loading…
Reference in New Issue
Block a user