From ffab6084f0fb2276f24d54facbb254333310e4de Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov
Date: Thu, 19 Apr 2018 11:50:11 +0800
Subject: [PATCH] mbedtls: Prevent arithmetic overflow on bounds check

Part of the patch for CVE-2018-9989. Cherry-picked from https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e. Ref. https://github.com/espressif/esp-idf/issues/1860
---
 components/mbedtls/library/ssl_cli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/mbedtls/library/ssl_cli.c b/components/mbedtls/library/ssl_cli.c
index 42363f0ead..f9109a7550 100644
--- a/components/mbedtls/library/ssl_cli.c
+++ b/components/mbedtls/library/ssl_cli.c
@@ -2052,7 +2052,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
 len = (*p)[0] << 8 | (*p)[1];
 *p += 2;
- if( (*p) + len > end )
+ if( (*p) > end - len )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
 "(psk_identity_hint length)" ) );
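Review bot: The rewritten check `if( (*p) > end - len )` still forms a pointer, `end - len`, from a length taken off the wire (up to 0xFFFF), and when `len` exceeds the size of the received message that pointer lies before the start of the buffer, which is out-of-range pointer arithmetic just as `(*p) + len` was past the end. Comparing sizes instead of pointers avoids this: `if( len > (size_t)( end - (*p) ) )`, which is valid provided `*p <= end` at that point. That precondition depends on the two-byte length read in the context lines above (`(*p)[0] << 8 | (*p)[1]`), and no guard that two bytes remain before `end` is visible in this hunk. The function starts outside the hunk and the commit message says this is only part of the CVE-2018-9989 fix, so please confirm the companion check (something like `if( end - (*p) < 2 )`) is applied before the read.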