Avoid seemingly-possible overflow By looking just at that test, it looks like 2 + dn_size could overflow. In fact that can't happen as that would mean we've read a CA cert of size is too big to be represented by a size_t. However, it's best for code to be more obviously free of overflow without having to reason about the bigger picture.

commit: 7f17155ac6c7cd7e191aa090bfe2547094c327c8 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Dec 10 14:36:25 2015 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Dec 10 14:36:25 2015 +0100
tree: 2a984d131cb519f988dc7ba69fc9b45221df0bee
parent: acbb0501186b1751373eafae862ddfd778dda11f [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 9afd399..6b5b461 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -2584,7 +2584,9 @@
     {
         dn_size = crt->subject_raw.len;
 
-        if( end < p || (size_t)( end - p ) < 2 + dn_size )
+        if( end < p ||
+            (size_t)( end - p ) < dn_size ||
+            (size_t)( end - p ) < 2 + dn_size )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
             break;
commit	7f17155ac6c7cd7e191aa090bfe2547094c327c8	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Dec 10 14:36:25 2015 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Dec 10 14:36:25 2015 +0100
tree	2a984d131cb519f988dc7ba69fc9b45221df0bee
parent	acbb0501186b1751373eafae862ddfd778dda11f [diff] [blame]