eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #972 from ronald-cron-arm/buffer-overflow-in-cid-fix

Browse source 
Fix in_cid buffer size in transform structure
This commit is contained in:
Manuel Pégourié-Gonnard 2022-11-18 09:48:12 +01:00 committed by GitHub
commit b7805b0a67
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog.d/fix-in-cid-buffer-size.txt Normal file
View file

@ -0,0 +1,4 @@
Security
* Fix potential heap buffer overread and overwrite in DTLS if
MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

2
library/ssl_misc.h
View file

@ -1021,7 +1021,7 @@ struct mbedtls_ssl_transform
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t in_cid_len; uint8_t in_cid_len;
uint8_t out_cid_len; uint8_t out_cid_len;
unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; unsigned char in_cid [ MBEDTLS_SSL_CID_IN_LEN_MAX ];
unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */