diff options
| author | Michael Brown | 2016-03-11 17:09:40 +0100 |
|---|---|---|
| committer | Michael Brown | 2016-03-11 17:09:40 +0100 |
| commit | 05dcb07cb239d8b7abe33f7701dbb81f370cea4b (patch) | |
| tree | c3f9bbe7dc3d16458aa8c564386e0b6b78c73702 /src/crypto | |
| parent | [efi] Work around broken GetFontInfo() implementations (diff) | |
| download | ipxe-05dcb07cb239d8b7abe33f7701dbb81f370cea4b.tar.gz ipxe-05dcb07cb239d8b7abe33f7701dbb81f370cea4b.tar.xz ipxe-05dcb07cb239d8b7abe33f7701dbb81f370cea4b.zip | |
[tls] Avoid potential out-of-bound reads in length fields
Many TLS records contain variable-length fields. We currently
validate the overall record length, but do so only after reading the
length of the variable-length field. If the record is too short to
even contain the length field, then we may read uninitialised data
from beyond the end of the record.
This is harmless in practice (since the subsequent overall record
length check would fail regardless of the value read from the
uninitialised length field), but causes warnings from some analysis
tools.
Fix by validating that the overall record length is sufficient to
contain the length field before reading from the length field.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto')
0 files changed, 0 insertions, 0 deletions