Prevent arithmetic overflow on bould check

This commit is contained in:
Krzysztof Stachowiak 2018-03-14 11:41:47 +01:00
parent b3e8f9e2e6
commit b5609f3ca5

View File

@ -2488,7 +2488,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
sig_len = ( p[0] << 8 ) | p[1]; sig_len = ( p[0] << 8 ) | p[1];
p += 2; p += 2;
if( end != p + sig_len ) if( p != end - sig_len )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,