Missing assignment of handshake->certificate_request_context_len in ssl_tls13_parse_certificate_request #10468

@MegaManSec

Summary

I believe there's a bug in ssl_tls13_parse_certificate_request() in library/ssl_tls13_client.c.

The bug is here:

```c
if (certificate_request_context_len > 0) {
    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, certificate_request_context_len);
    MBEDTLS_SSL_DEBUG_BUF(3, "Certificate Request Context",
                          p, certificate_request_context_len);
    handshake->certificate_request_context =
        mbedtls_calloc(1, certificate_request_context_len);
    if (handshake->certificate_request_context == NULL) {
        MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
    }
    memcpy(handshake->certificate_request_context, p,
           certificate_request_context_len);
    p += certificate_request_context_len;
}
```
`certificate_request_context_len` is used, but `handshake->certificate_request_context_len` is never set to `certificate_request_context_len` after the memcpy to `handshake->certificate_request_context`. AFAICT, `handshake->certificate_request_context_len` is never set anywhere so is kind of stuck at 0.

System information

Mbed TLS version (number or commit id): b180696
Operating system and version: all
Configuration (if not default, please attach mbedtls_config.h): all
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): all
Additional environment information: all

Expected behavior

length of certificate request context is set

Actual behavior

length of certificate request context is stuck at 0

Steps to reproduce

Additional information
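A minimal sketch of the pattern described in this report, added here as an illustration and not Mbed TLS code. The `demo_handshake` struct, the `demo_*` functions, the `store_len` switch and the sample bytes are hypothetical; the parser reads the one-byte length prefix of `certificate_request_context` and either omits the length assignment (as reported) or performs it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the two handshake fields named in the report. */
typedef struct {
    unsigned char *certificate_request_context;
    size_t certificate_request_context_len;
} demo_handshake;

/* Parse the length-prefixed certificate_request_context at the start of a
 * CertificateRequest body. store_len == 0 mirrors the reported behaviour;
 * store_len == 1 adds the length assignment. Returns 0 on success, -1 on error. */
int demo_parse_context(demo_handshake *hs, const unsigned char *buf,
                       size_t buf_len, int store_len)
{
    const unsigned char *p = buf, *end = buf + buf_len;
    size_t ctx_len;

    if (buf_len < 1) return -1;                 /* need the length byte */
    ctx_len = *p++;
    if (ctx_len > 0) {
        if ((size_t) (end - p) < ctx_len) return -1;   /* truncated context */
        hs->certificate_request_context = calloc(1, ctx_len);
        if (hs->certificate_request_context == NULL) return -1;
        memcpy(hs->certificate_request_context, p, ctx_len);
        if (store_len)
            hs->certificate_request_context_len = ctx_len;
        p += ctx_len;
    }
    return 0;
}

/* Parse a constructed sample and return the length the handshake ends up with. */
size_t demo_stored_len(int store_len)
{
    static const unsigned char msg[] = { 0x04, 0xde, 0xad, 0xbe, 0xef }; /* constructed */
    demo_handshake hs = { NULL, 0 };
    size_t len = (size_t) -1;
    if (demo_parse_context(&hs, msg, sizeof(msg), store_len) == 0)
        len = hs.certificate_request_context_len;
    free(hs.certificate_request_context);
    return len;
}

int main(void) {
    printf("as reported: %zu, with assignment: %zu\n", demo_stored_len(0), demo_stored_len(1));
    return 0;
}
```

Without the assignment the context bytes are copied but any later code that consults the stored length sees 0.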
