CID444418. Fix for finishSz checking with TLSv1.3 and WOLFSSL_HAVE_TLS_UNIQUE.

2025-07-29 18:27:29 +02:00 · 2024-12-24 13:38:57 -08:00
parent 2bcad989da
commit e1baf27831
1 changed files with 3 additions and 3 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -10865,12 +10865,12 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
    }

    if (sniff == NO_SNIFF) {
-        ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz);

-        if (finishedSz > WOLFSSL_MAX_8BIT) {
+        ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz);
+    #ifdef WOLFSSL_HAVE_TLS_UNIQUE
+        if (finishedSz > TLS_FINISHED_SZ_MAX) {
            return BUFFER_ERROR;
        }
-    #ifdef WOLFSSL_HAVE_TLS_UNIQUE
        if (ssl->options.side == WOLFSSL_CLIENT_END) {
            XMEMCPY(ssl->serverFinished, mac, finishedSz);
            ssl->serverFinished_len = (byte)finishedSz;