From 46520ea52d99f0d1fff225717a96294dc57cf7b7 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 25 Jul 2023 11:41:28 +0200
Subject: [PATCH] tls12: check buffer size before memcpy-ing data into it

Signed-off-by: Valerio Setti
---
 library/ssl_tls12_client.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 9f37fdcf36..ff116ad029 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1774,9 +1774,10 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
 return MBEDTLS_ERR_SSL_DECODE_ERROR;
 }

- /* xxdh_psa_peerkey is sized after maximum supported FFDH public key.
- * PSA_VENDOR_FFDH_MAX_KEY_BITS is always larger than EC public key, so
- * we can skip the buffer size check before the memcpy-ing data into it. */
+ if (ecpoint_len > PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)) {
+ return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ }
+
 memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len);
 handshake->xxdh_psa_peerkey_len = ecpoint_len;
 *p += ecpoint_len;
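Review bot: The new guard before `memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len)` bounds `ecpoint_len` by `PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)` rather than by the size of the destination. The copy is therefore only safe while the declaration of `xxdh_psa_peerkey` (not visible here; the removed comment says it is sized after the FFDH maximum) stays at least that large in every build configuration. Since `ecpoint_len` appears to be parsed from the server's key-exchange message, tying the bound to the buffer itself would be more robust: `if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {`, assuming the field is an array and not a pointer. A short comment such as `/* ecpoint_len is peer-controlled: never copy more than the peer-key buffer can hold */` would also record why the check must not be dropped again. The body of ssl_parse_server_ecdh_params starts and ends outside this hunk.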