Apply check read ptr macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
parent
fd532e506b
commit
de4fb2cc34
1 changed files with 12 additions and 40 deletions
|
@ -570,7 +570,7 @@ static int ssl_tls1_3_parse_key_share_ext( mbedtls_ssl_context *ssl,
|
||||||
uint16_t server_share_group, offered_group;
|
uint16_t server_share_group, offered_group;
|
||||||
|
|
||||||
/* server_share_group (2 bytes) */
|
/* server_share_group (2 bytes) */
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2);
|
||||||
server_share_group = MBEDTLS_GET_UINT16_BE( p, 0 );
|
server_share_group = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||||
p += 2;
|
p += 2;
|
||||||
|
|
||||||
|
@ -979,10 +979,10 @@ static int ssl_tls1_3_check_server_hello_session_id( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *p = *buf;
|
const unsigned char *p = *buf;
|
||||||
size_t recv_id_len;
|
size_t recv_id_len;
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
|
||||||
recv_id_len = *p++ ;
|
recv_id_len = *p++ ;
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, recv_id_len );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, recv_id_len );
|
||||||
|
|
||||||
/* legacy_session_id_echo */
|
/* legacy_session_id_echo */
|
||||||
if( ssl->session_negotiate->id_len != recv_id_len )
|
if( ssl->session_negotiate->id_len != recv_id_len )
|
||||||
|
@ -1042,13 +1042,12 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
const unsigned char *end )
|
const unsigned char *end )
|
||||||
{
|
{
|
||||||
|
|
||||||
int ret;
|
int ret;
|
||||||
const unsigned char *p = buf;
|
const unsigned char *p = buf;
|
||||||
size_t field_len; /* Length of field */
|
size_t field_len; /* Length of field */
|
||||||
const unsigned char *ext_end; /* Pointer to end of individual extension */
|
const unsigned char *ext_end; /* Pointer to end of individual extension */
|
||||||
uint16_t cipher_suite;
|
uint16_t cipher_suite;
|
||||||
const mbedtls_ssl_ciphersuite_t* ciphersuite_info;
|
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check there is space for minimal fields
|
* Check there is space for minimal fields
|
||||||
|
@ -1059,14 +1058,7 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||||
* - cipher_suite ( 2 bytes)
|
* - cipher_suite ( 2 bytes)
|
||||||
* - legacy_compression_method ( 1 byte )
|
* - legacy_compression_method ( 1 byte )
|
||||||
*/
|
*/
|
||||||
if( mbedtls_ssl_chk_buf_ptr( p, end, 38 ) != 0 )
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 38 );
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
|
||||||
( "bad server hello message - min size not reached" ) );
|
|
||||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
|
||||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
|
||||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
|
||||||
}
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p );
|
||||||
|
|
||||||
|
@ -1106,7 +1098,7 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
/* Read server-selected ciphersuite,
|
/* Read server-selected ciphersuite,
|
||||||
Check if there is space for cipher_suite. */
|
Check if there is space for cipher_suite. */
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2);
|
||||||
cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
|
cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||||
p += 2;
|
p += 2;
|
||||||
|
|
||||||
|
@ -1153,7 +1145,7 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||||
*
|
*
|
||||||
* legacy_compression_method == 0 ( 1 byte)
|
* legacy_compression_method == 0 ( 1 byte)
|
||||||
*/
|
*/
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
|
||||||
if( p[0] != 0 )
|
if( p[0] != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||||
|
@ -1164,26 +1156,13 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||||
p++;
|
p++;
|
||||||
|
|
||||||
/* Check there is space fore extensions_length */
|
/* Check there is space fore extensions_length */
|
||||||
if( mbedtls_ssl_chk_buf_ptr( p, end, 2 ) != 0 )
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
|
||||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
|
||||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
|
||||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Get length of extensions field (2 bytes)*/
|
/* Get length of extensions field (2 bytes)*/
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
|
|
||||||
field_len = MBEDTLS_GET_UINT16_BE( p, 0 );
|
field_len = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||||
p += 2;
|
p += 2;
|
||||||
|
|
||||||
/* Check there is space for extensions_data */
|
/* Check there is space for extensions_data */
|
||||||
if( mbedtls_ssl_chk_buf_ptr( p, end, field_len ) != 0 )
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, field_len );
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
|
||||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
|
||||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
|
||||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
|
||||||
}
|
|
||||||
/* Set end of extensions */
|
/* Set end of extensions */
|
||||||
ext_end = p + field_len;
|
ext_end = p + field_len;
|
||||||
|
|
||||||
|
@ -1209,18 +1188,12 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||||
* extension_type (2 bytes)
|
* extension_type (2 bytes)
|
||||||
* extension_data_length (2 bytes)
|
* extension_data_length (2 bytes)
|
||||||
*/
|
*/
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, ext_end, 4 );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, ext_end, 4 );
|
||||||
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
|
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||||
extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
|
extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
|
||||||
p += 4;
|
p += 4;
|
||||||
|
|
||||||
if( mbedtls_ssl_chk_buf_ptr( p, ext_end, extension_data_len ) != 0 )
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, ext_end, extension_data_len );
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
|
||||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
|
||||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
|
||||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
|
||||||
}
|
|
||||||
|
|
||||||
switch( extension_type )
|
switch( extension_type )
|
||||||
{
|
{
|
||||||
|
@ -1393,7 +1366,6 @@ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl )
|
||||||
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
|
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
|
||||||
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
|
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
|
||||||
|
|
||||||
|
|
||||||
ret = ssl_server_hello_coordinate( ssl, &buf, &buf_len );
|
ret = ssl_server_hello_coordinate( ssl, &buf, &buf_len );
|
||||||
/* Parsing step
|
/* Parsing step
|
||||||
* We know what message to expect by now and call
|
* We know what message to expect by now and call
|
||||||
|
|
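Review bot: In ssl_tls1_3_parse_server_hello the four open-coded length checks (the 38-byte minimum, extensions_length, extensions_data and extension_data_len) each logged a debug message before failing, and the new side drops all of them. Unless MBEDTLS_SSL_CHK_BUF_READ_PTR logs on its own (its definition is not part of this diff), a truncated or malformed ServerHello is now rejected with no trace of which bound was violated. Consider keeping one diagnostic inside the macro, or documenting at the first call site what it does on short input, for example `/* On short input: pends a decode_error alert and returns MBEDTLS_ERR_SSL_DECODE_ERROR */` if that matches its definition. The sites that previously used MBEDTLS_SSL_CHK_BUF_PTR (key_share group, session id length and body, cipher_suite, compression method, extension header) presumably also change their failure result with this swap, so the commit message should say so and a truncated-input test should pin the new result. Minor: the retained comment still reads "space fore extensions_length", and `MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2);` lacks the space before `)` used at the other call sites.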