yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 22:45:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid seemingly-possible overflow

Browse Source 
By looking just at that test, it looks like 2 + dn_size could overflow. In
fact that can't happen as that would mean we've read a CA cert of size is too
big to be represented by a size_t.

However, it's best for code to be more obviously free of overflow without
having to reason about the bigger picture.
This commit is contained in:
Manuel Pégourié-Gonnard 2015-12-10 14:36:25 +01:00
parent 7da96958a6
commit 7f890c3e96
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/ssl_srv.c
View File

@ -2474,7 +2474,9 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
{
dn_size = crt->subject_raw.len;
if( end < p || (size_t)( end - p ) < 2 + dn_size )
if( end < p ||
(size_t)( end - p ) < dn_size ||
(size_t)( end - p ) < 2 + dn_size )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
break;