mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 16:55:43 +01:00
Fix potential buffer overflow in asn1write
This commit is contained in:
parent
cdea97c1c3
commit
22c3b7b9da
@ -1,5 +1,13 @@
|
||||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS 2.2.R0released 2015-10-xx
|
||||
|
||||
Security
|
||||
* Fix potential buffer overflow in some asn1_write_xxx() functions.
|
||||
Cannot be triggered remotely unless you create X.509 certificates based
|
||||
on untrusted input or write keys of untrusted origin. Found by Guido
|
||||
Vranken, Interlworks.
|
||||
|
||||
= mbed TLS 2.1.2 released 2015-10-06
|
||||
|
||||
Security
|
||||
|
@ -87,7 +87,7 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
|
||||
{
|
||||
size_t len = 0;
|
||||
|
||||
if( *p - start < (int) size )
|
||||
if( *p < start || (size_t)( *p - start ) < size )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = size;
|
||||
@ -107,7 +107,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
|
||||
//
|
||||
len = mbedtls_mpi_size( X );
|
||||
|
||||
if( *p - start < (int) len )
|
||||
if( *p < start || (size_t)( *p - start ) < len )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
(*p) -= len;
|
||||
@ -270,7 +270,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
|
||||
|
||||
// Calculate byte length
|
||||
//
|
||||
if( *p - start < (int) size + 1 )
|
||||
if( *p < start || (size_t)( *p - start ) < size + 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = size + 1;
|
||||
|
Loading…
Reference in New Issue
Block a user