yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 23:45:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed potential negative value misinterpretation in load_file()

Browse Source 
(cherry picked from commit 42c3ccf36e)

Conflicts:
	library/x509parse.c
This commit is contained in:
Paul Bakker 2013-09-11 11:37:33 +02:00
parent 8648f04e47
commit 16e5f81473
2 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -4,6 +4,7 @@ PolarSSL ChangeLog
Security Security
* Potential buffer-overflow for ssl_read_record() (independently found by * Potential buffer-overflow for ssl_read_record() (independently found by
both TrustInSoft and Paul Brodeur of Leviathan Security Group) both TrustInSoft and Paul Brodeur of Leviathan Security Group)
* Potential negative value misinterpretation in load_file()
= Version 1.1.7 released on 2013-06-19 = Version 1.1.7 released on 2013-06-19
Changes Changes

15
library/x509parse.c
View File

@ -1727,16 +1727,27 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
int load_file( const char *path, unsigned char **buf, size_t *n ) int load_file( const char *path, unsigned char **buf, size_t *n )
{ {
FILE *f; FILE *f;
long size;
if( ( f = fopen( path, "rb" ) ) == NULL ) if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_X509_FILE_IO_ERROR ); return( POLARSSL_ERR_X509_FILE_IO_ERROR );
fseek( f, 0, SEEK_END ); fseek( f, 0, SEEK_END );
*n = (size_t) ftell( f ); if( ( size = ftell( f ) ) == -1 )
{
fclose( f );
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
}
fseek( f, 0, SEEK_SET ); fseek( f, 0, SEEK_SET );
if( ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL ) *n = (size_t) size;
if( *n + 1 == 0 ||
( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
{
fclose( f );
return( POLARSSL_ERR_X509_MALLOC_FAILED ); return( POLARSSL_ERR_X509_MALLOC_FAILED );
}
if( fread( *buf, 1, *n, f ) != *n ) if( fread( *buf, 1, *n, f ) != *n )
{ {