mbedtls: Prevent arithmetic overflow on bounds check

Part of the patch for CVE-2018-9989. Cherry-picked from 5224a7544c. Ref. https://github.com/espressif/esp-idf/issues/1860
2024-10-05 20:47:46 -04:00 · 2018-04-19 11:50:11 +08:00 · 2018-04-19 11:50:11 +08:00 · ffab6084f0
commit ffab6084f0
parent f58c664e2b
1 changed files with 1 additions and 1 deletions
--- a/components/mbedtls/library/ssl_cli.c
+++ b/components/mbedtls/library/ssl_cli.c
@ -2052,7 +2052,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
    len = (*p)[0] << 8 | (*p)[1];
    *p += 2;

-    if( (*p) + len > end )
+    if( (*p) > end - len )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
                                    "(psk_identity_hint length)" ) );