Integer truncation uint32 to uint16 in s2n_client_psk.c binder size calculation #5794

@cpsource

Description

Summary

In tls/extensions/s2n_client_psk.c lines 348-350, inside the PSK binder calculation, a uint32_t subtraction result is truncated when assigned to a uint16_t:

uint32_t binders_size = binder_list_blob.size + SIZE_OF_BINDER_LIST_SIZE;
RESULT_ENSURE_GTE(client_hello->write_cursor, binders_size);
uint16_t partial_client_hello_size = client_hello->write_cursor - binders_size;

client_hello->write_cursor is uint32_t, so the subtraction produces a uint32_t result. If the ClientHello exceeds 65535 bytes, assigning to uint16_t partial_client_hello_size silently truncates the value. This could cause an incorrect size to be passed to the subsequent s2n_blob_slice() call, potentially leading to out-of-bounds memory access.

Suggested Fix

Change partial_client_hello_size to uint32_t, or add an explicit bounds check before the assignment:

uint32_t partial_client_hello_size = client_hello->write_cursor - binders_size;
RESULT_ENSURE_LTE(partial_client_hello_size, UINT16_MAX);

Impact

Could cause memory corruption or denial of service when processing legitimate large ClientHello messages with PSK extensions.

Prior Art Search

  • Searched GitHub issues for: s2n_client_psk truncation, partial_client_hello_size, PSK binder overflow, client_psk integer — no existing reports found.
  • Searched git log history for s2n_client_psk.c commits referencing truncation or overflow — no prior fixes found.

Found during code review.
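Added illustration of the narrowing the issue describes, written for this page and not taken from the issue or from s2n-tls. It models the two code shapes side by side: the reported pattern, where the `uint32_t` difference lands in a `uint16_t`, and a variant along the lines of the suggested fix that keeps 32 bits and rejects values above `UINT16_MAX`. The function names, the `-1` return convention standing in for the `RESULT_ENSURE_*` macros, the value `2` for `SIZE_OF_BINDER_LIST_SIZE` (the TLS 1.3 binder list carries a 2-byte length prefix), and the cursor and binder sizes are all assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration of the narrowing described in the issue; this is not s2n-tls code.
 * SIZE_OF_BINDER_LIST_SIZE is assumed to be 2 (the TLS 1.3 binder list carries a
 * 2-byte length prefix); the cursor and binder sizes below are constructed inputs. */
#define SIZE_OF_BINDER_LIST_SIZE 2u

/* Mirrors the pattern at issue: the uint32_t difference is assigned to a uint16_t.
 * Returns the value the uint16_t actually ends up holding. */
uint16_t partial_size_truncated(uint32_t write_cursor, uint32_t binder_list_blob_size)
{
    uint32_t binders_size = binder_list_blob_size + SIZE_OF_BINDER_LIST_SIZE;
    if (write_cursor < binders_size) {
        return 0; /* stand-in for RESULT_ENSURE_GTE failing */
    }
    /* Implicit conversion: the 32-bit result is reduced modulo 65536. */
    uint16_t partial_client_hello_size = write_cursor - binders_size;
    return partial_client_hello_size;
}

/* Variant along the lines of the suggested fix: keep the full 32-bit width and
 * reject anything that would not fit in 16 bits. Returns 0 on success and -1 on
 * failure; the size is written through *out only on success. */
int partial_size_checked(uint32_t write_cursor, uint32_t binder_list_blob_size, uint32_t *out)
{
    uint32_t binders_size = binder_list_blob_size + SIZE_OF_BINDER_LIST_SIZE;
    if (write_cursor < binders_size) {
        return -1; /* stand-in for RESULT_ENSURE_GTE failing */
    }
    uint32_t partial_client_hello_size = write_cursor - binders_size;
    if (partial_client_hello_size > UINT16_MAX) {
        return -1; /* stand-in for RESULT_ENSURE_LTE(..., UINT16_MAX) failing */
    }
    *out = partial_client_hello_size;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a 33-byte binder list (one 32-byte SHA-256 binder plus
     * its 1-byte length) appended to ClientHellos of two different sizes. */
    uint32_t binder_list = 33;
    uint32_t small_hello = 1000;  /* fits in 16 bits */
    uint32_t large_hello = 70000; /* exceeds UINT16_MAX */
    uint32_t checked = 0;

    printf("small: truncated=%u\n", (unsigned) partial_size_truncated(small_hello, binder_list));
    printf("large: truncated=%u (intended %u)\n",
           (unsigned) partial_size_truncated(large_hello, binder_list),
           (unsigned) (large_hello - binder_list - SIZE_OF_BINDER_LIST_SIZE));
    printf("large: checked -> %d\n", partial_size_checked(large_hello, binder_list, &checked));
    return 0;
}
```

For the 70000-byte cursor the truncated variant yields 4429 instead of 69965, so whatever consumes that size works on the wrong range without any error being raised, whereas the checked variant fails closed. GCC and Clang report the implicit `uint32_t` to `uint16_t` assignment under `-Wconversion`, which is a cheap way to surface this class of narrowing across a code base.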
