From c8df898204584e92b9e5001847788d899b34353d Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 2 Oct 2023 14:58:16 +0200
Subject: [PATCH] Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing

Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH or ECDHE key exchange was not validated. This could result in an overflow of handshake->xxdh_psa_peerkey, overwriting further data in the handshake structure or further on the heap.

Signed-off-by: Gilles Peskine
---
 library/ssl_tls12_server.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index d2143ac15..ed2fbd1d6 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3734,6 +3734,11 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
 }
 /* Store peer's ECDH public key. */
+ MBEDTLS_SSL_DEBUG_MSG(3, ("data_len=%zu sizeof(handshake->xxdh_psa_peerkey)=%zu", data_len, sizeof(handshake->xxdh_psa_peerkey)));
+ if (data_len > sizeof(handshake->xxdh_psa_peerkey)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid data length"));
+ return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ }
 memcpy(handshake->xxdh_psa_peerkey, p, data_len);
 handshake->xxdh_psa_peerkey_len = data_len;
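Review bot: The level-3 debug line added ahead of the new bounds check formats two size_t values with a bare `%zu` and reads like leftover diagnostics, since it fires on every handshake that reaches this point. Either drop it or fold the length into the rejection message with the library's portable specifier, e.g. `MBEDTLS_SSL_DEBUG_MSG(1, ("peer ECDH public key too long: %" MBEDTLS_PRINTF_SIZET, data_len));`, which also makes the failure easier to triage than "Invalid data length". An over-long key is a malformed ClientKeyExchange, so `MBEDTLS_ERR_SSL_DECODE_ERROR` may fit better than `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` if the earlier length checks in ssl_parse_client_key_exchange return it; those checks lie outside this hunk, so confirm against them. The diffstat shows only this file changed, so the fix has no regression test; a handshake test built with MBEDTLS_USE_PSA_CRYPTO that presents a public key longer than `sizeof(handshake->xxdh_psa_peerkey)` and expects a clean rejection would pin the check. It is also worth confirming that any other code that copies into `xxdh_psa_peerkey` applies the same bound.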