dtls.c: Fixed possible integer underflow in dtls_cookie_create()

obgm · obgm · commit 68a1cdaff9e3 · 2019-05-16T15:13:02.000+02:00
The sender-provided fragment_length must be sanity-checked before using as length parameter for dtls_create_cookie(). Fixes https://bugs.eclipse.org/bugs/show_bug.cgi?id=534333 Change-Id: I7168f408b12739057331c2de7d1d661e829a3f39
diff --git a/dtls.c b/dtls.c
@@ -343,7 +343,7 @@ dtls_create_cookie(dtls_context_t *ctx,
 		   uint8 *msg, size_t msglen,
 		   uint8 *cookie, int *clen) {
   unsigned char buf[DTLS_HMAC_MAX];
-  size_t e;
+  size_t e, fragment_length;
   int len;
 
   /* create cookie with HMAC-SHA256 over:
@@ -383,9 +383,13 @@ dtls_create_cookie(dtls_context_t *ctx,
   if (e + DTLS_HS_LENGTH > msglen)
     return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
 
+  fragment_length = dtls_get_fragment_length(DTLS_HANDSHAKE_HEADER(msg));
+  if ((fragment_length < e) || (e + DTLS_HS_LENGTH + fragment_length) > msglen)
+    return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
+
   dtls_hmac_update(&hmac_context,
 		   msg + DTLS_HS_LENGTH + e,
-		   dtls_get_fragment_length(DTLS_HANDSHAKE_HEADER(msg)) - e);
+		   fragment_length - e);
 
   len = dtls_hmac_finalize(&hmac_context, buf);
 
