tls: Add overread/overwrite check failure tracking
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 1280241..816beea 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -381,11 +381,36 @@
* \return Zero if the needed space is available in the buffer, non-zero
* otherwise.
*/
+#if ! defined(MBEDTLS_TEST_HOOKS)
static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
const uint8_t *end, size_t need )
{
return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
}
+#else
+typedef struct
+{
+ const uint8_t *cur;
+ const uint8_t *end;
+ size_t need;
+} mbedtls_ssl_chk_buf_ptr_args;
+
+void mbedtls_ssl_set_chk_buf_ptr_fail_args(
+ const uint8_t *cur, const uint8_t *end, size_t need );
+void mbedtls_ssl_reset_chk_buf_ptr_fail_args( void );
+int mbedtls_ssl_cmp_chk_buf_ptr_fail_args( mbedtls_ssl_chk_buf_ptr_args *args );
+
+static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
+ const uint8_t *end, size_t need )
+{
+ if( ( cur > end ) || ( need > (size_t)( end - cur ) ) )
+ {
+ mbedtls_ssl_set_chk_buf_ptr_fail_args( cur, end, need );
+ return( 1 );
+ }
+ return( 0 );
+}
+#endif
/**
* \brief This macro checks if the remaining size in a buffer is
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 668b5ec..55b7f85 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -58,6 +58,30 @@
#include "mbedtls/oid.h"
#endif
+#if defined(MBEDTLS_TEST_HOOKS)
+static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
+
+void mbedtls_ssl_set_chk_buf_ptr_fail_args(
+ const uint8_t *cur, const uint8_t *end, size_t need )
+{
+ chk_buf_ptr_fail_args.cur = cur;
+ chk_buf_ptr_fail_args.end = end;
+ chk_buf_ptr_fail_args.need = need;
+}
+
+void mbedtls_ssl_reset_chk_buf_ptr_fail_args( void )
+{
+ memset( &chk_buf_ptr_fail_args, 0, sizeof( chk_buf_ptr_fail_args ) );
+}
+
+int mbedtls_ssl_cmp_chk_buf_ptr_fail_args( mbedtls_ssl_chk_buf_ptr_args *args )
+{
+ return( ( chk_buf_ptr_fail_args.cur != args->cur ) ||
+ ( chk_buf_ptr_fail_args.end != args->end ) ||
+ ( chk_buf_ptr_fail_args.need != args->need ) );
+}
+#endif /* MBEDTLS_TEST_HOOKS */
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1103,6 +1127,8 @@
memset( ssl->in_buf, 0, in_buf_len );
}
+ ssl->send_alert = 0;
+
/* Reset outgoing message writing */
ssl->out_msgtype = 0;
ssl->out_msglen = 0;