Skip to content

Commit

Permalink
Fix issue #2718 (condition always false)
Browse files Browse the repository at this point in the history
  • Loading branch information
@irwir
irwir committed Oct 31, 2019
1 parent c835672 commit 0cac0e7
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
4 changes: 2 additions & 2 deletions library/ssl_cli.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2339,7 +2339,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
unsigned char *end )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t len;
uint16_t len;
((void) ssl);

/*
Expand All @@ -2356,7 +2356,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
len = (*p)[0] << 8 | (*p)[1];
*p += 2;

if( end - (*p) < (int) len )
if( end - (*p) < len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) );
Expand Down
6 changes: 3 additions & 3 deletions library/ssl_srv.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3810,7 +3810,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
const unsigned char *end )
{
int ret = 0;
size_t n;
uint16_t n;

if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
{
Expand All @@ -3821,7 +3821,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
/*
* Receive client pre-shared key identity name
*/
if( end - *p < 2 )
if( end < *p + 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
Expand All @@ -3830,7 +3830,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
n = ( (*p)[0] << 8 ) | (*p)[1];
*p += 2;

if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
if( n == 0 || end < *p + n )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
Expand Down

0 comments on commit 0cac0e7

Please sign in to comment.