[nrf noup] Fix buffer overread with stream cipher

Recreated from commit faf0b86
which provides the following information

"With stream ciphers, add a check that there's enough room to read a MAC
in the record. Without this check, subtracting the MAC length from the
data length resulted in an integer underflow, causing the MAC calculation
to try reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer
overread."

This commit is a "noup" since TLS/DTLS is undergoing refactoring and
the content of the commit had to be recreated.

Signed-off-by: Frank Audun Kvamtrø <[email protected]>

Author: frkv

library/ssl_msg.c

@@ -1330,8 +1330,16 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
     if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
     {
+        if (rec->data_len < transform->maclen) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("Record too short for MAC:"
+                                   " %" MBEDTLS_PRINTF_SIZET " < %" MBEDTLS_PRINTF_SIZET,
+                                   rec->data_len, transform->maclen));
+            return MBEDTLS_ERR_SSL_INVALID_MAC;
+        }
+
         /* The only supported stream cipher is "NULL",
-         * so there's nothing to do here.*/
+         * so there's no encryption to do here.*/
     }
     else
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */