Prevent bounds check bypass through overflow in PSK identity parsing The check `if( *p + n > end )` in `ssl_parse_client_psk_identity` is unsafe because `*p + n` might overflow, thus bypassing the check. As `n` is a user-specified value up to 65K, this is relevant if the library happens to be located in the last 65K of virtual memory. This commit replaces the check by a safe version.

commit: 83c9f495ffe70c7dd280b41fdfd4881485a3bc28 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Mon Jun 26 13:52:14 2017 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Jun 26 14:09:55 2017 +0100
tree: a318fda0a0a5d483f7cc025245ff022c4f362e85
parent: 5a1c0e716242acfc7027c78e36487f8df1786c83 [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f137c3d..97d7a9e 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -3436,7 +3436,7 @@
     /*
      * Receive client pre-shared key identity name
      */
-    if( *p + 2 > end )
+    if( end - *p < 2 )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
@@ -3445,7 +3445,7 @@
     n = ( (*p)[0] << 8 ) | (*p)[1];
     *p += 2;
 
-    if( n < 1 || n > 65535 || *p + n > end )
+    if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
commit	83c9f495ffe70c7dd280b41fdfd4881485a3bc28	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Mon Jun 26 13:52:14 2017 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Jun 26 14:09:55 2017 +0100
tree	a318fda0a0a5d483f7cc025245ff022c4f362e85
parent	5a1c0e716242acfc7027c78e36487f8df1786c83 [diff] [blame]