[nrf noup] Fix buffer overread with stream cipher

frkv · cvinayak · commit acea48fc8a5e · 2023-10-17T14:44:21.000+02:00
Recreated from commit faf0b86 which provides the following information "With stream ciphers, add a check that there's enough room to read a MAC in the record. Without this check, subtracting the MAC length from the data length resulted in an integer underflow, causing the MAC calculation to try reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread." This commit is a "noup" since TLS/DTLS is undergoing refactoring and the content of the commit had to be recreated. Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
@@ -1330,8 +1330,16 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
     if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
     {
+        if (rec->data_len < transform->maclen) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("Record too short for MAC:"
+                                   " %" MBEDTLS_PRINTF_SIZET " < %" MBEDTLS_PRINTF_SIZET,
+                                   rec->data_len, transform->maclen));
+            return MBEDTLS_ERR_SSL_INVALID_MAC;
+        }
+
         /* The only supported stream cipher is "NULL",
-         * so there's nothing to do here.*/
+         * so there's no encryption to do here.*/
     }
     else
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
