mirror of
https://github.com/espressif/esp-idf.git
synced 2025-10-01 11:26:15 +00:00
TLS: Fix unsigned int underflow in internal TLS 1.0/1.1 implementation
Taking sizeof(ptr) is incorrect to determine size of passed in hash and results in hlen getting set to a very large value since MD5_MAC_LEN > sizeof(ptr). Provide the actual size of the hash buffer from the caller to fix this. tls_key_x_server_params_hash() callers src/tls/tlsv1_client_read.c and src/tls/tlsv1_server_write.c both pass in a large enough hash (hash[64] or hash[100]) that this does not appear to have an impact, though it is still wrong. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
This commit is contained in:

committed by
Sarvesh Bodakhe

parent
b58dbf2808
commit
b3e4aae7bb
@@ -380,7 +380,7 @@ int tlsv12_key_x_server_params_hash(u16 tls_version, u8 hash_alg,
|
||||
int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
|
||||
const u8 *server_random,
|
||||
const u8 *server_params,
|
||||
size_t server_params_len, u8 *hash)
|
||||
size_t server_params_len, u8 *hash, size_t hsz)
|
||||
{
|
||||
u8 *hpos;
|
||||
size_t hlen;
|
||||
@@ -395,6 +395,8 @@ int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
|
||||
crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN);
|
||||
crypto_hash_update(ctx, server_params, server_params_len);
|
||||
hlen = MD5_MAC_LEN;
|
||||
if (hsz < hlen)
|
||||
return -1;
|
||||
if (crypto_hash_finish(ctx, hash, &hlen) < 0)
|
||||
return -1;
|
||||
hpos += hlen;
|
||||
@@ -405,7 +407,7 @@ int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
|
||||
crypto_hash_update(ctx, client_random, TLS_RANDOM_LEN);
|
||||
crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN);
|
||||
crypto_hash_update(ctx, server_params, server_params_len);
|
||||
hlen = hash + sizeof(hash) - hpos;
|
||||
hlen = hsz - hlen;
|
||||
if (crypto_hash_finish(ctx, hpos, &hlen) < 0)
|
||||
return -1;
|
||||
hpos += hlen;
|
||||
|
Reference in New Issue
Block a user