Merge branch mbedtls-1.3-fix-arithmetic-overflows

Fix potential integer overflows in the following functions: * mbedtls_md2_update() * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.
2024-11-23 15:35:50 +01:00 · 2017-02-01 21:46:47 +00:00 · 2017-02-01 21:46:47 +00:00 · 0289920d12
commit 0289920d12
parent 40d8cc7181 593e8b2793
4 changed files with 15 additions and 4 deletions
--- a/10
+++ b/10
@ -1,5 +1,15 @@
 mbed TLS ChangeLog (Sorted per branch, date)

+= mbed TLS 1.3.x branch released xxxx-xx-xx
+
+Bugfix
+   * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could
+     cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+   * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could
+     cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+   * Fixed potential arithmetic overflow in mbedtls_md2_update() that could
+     cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+
 = mbed TLS 1.3.18 branch 2016-10-17

 Security
--- a/library/cipher.c
+++ b/library/cipher.c
@ -315,9 +315,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input,
         * If there is not enough data for a full block, cache it.
         */
        if( ( ctx->operation == POLARSSL_DECRYPT &&
-                ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
+                ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
             ( ctx->operation == POLARSSL_ENCRYPT &&
-                ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
+                ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len ) )
        {
            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
                    ilen );
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@ -277,7 +277,8 @@ int ctr_drbg_reseed( ctr_drbg_context *ctx,
    unsigned char seed[CTR_DRBG_MAX_SEED_INPUT];
    size_t seedlen = 0;

-    if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT )
+    if( ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT ||
+        len > CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
        return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );

    memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
--- a/library/md2.c
+++ b/library/md2.c
@ -155,7 +155,7 @@ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen )

    while( ilen > 0 )
    {
-        if( ctx->left + ilen > 16 )
+        if( ilen > 16 - ctx->left )
            fill = 16 - ctx->left;
        else
            fill = ilen;