Overview

File CVE-2017-18187.patch of Package mbedtls.7991

References: 83c9f495ffe70c7dd280b41fdfd4881485a3bc28
---
 library/ssl_srv.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Index: library/ssl_srv.c
===================================================================
--- library/ssl_srv.c.orig
+++ library/ssl_srv.c
@@ -3018,7 +3018,8 @@ static int ssl_parse_client_psk_identity
     /*
      * Receive client pre-shared key identity name
      */
-    if( *p + 2 > end )
+    if( end - *p < 2 )
+
     {
         SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
         return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
@@ -3027,7 +3028,7 @@ static int ssl_parse_client_psk_identity
     n = ( (*p)[0] << 8 ) | (*p)[1];
     *p += 2;
 
-    if( n < 1 || n > 65535 || *p + n > end )
+    if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
     {
         SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
         return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
openSUSE Build Service is sponsored by
Places