From 2521d16ace71927dcd0010b7233ae65a5fb21105 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 5 Nov 2018 16:37:06 +0100
Subject: [PATCH] Fix buffer overflow in test mbedtls_mpi_is_prime_det
---
 tests/suites/test_suite_mpi.function | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 0aee44543..952cac447 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -856,13 +856,13 @@ void mbedtls_mpi_is_prime_det( char *input_X, char *witnesses,
 mbedtls_mpi X;
 int res;
 mbedtls_test_mpi_random rand;
- uint8_t witness_buf[1000];
- uint8_t input_buf[1000];
+ uint8_t *witness_buf = NULL;
+ uint8_t *input_buf = NULL;
 size_t witness_len;
 size_t input_len;
- witness_len = unhexify( witness_buf, witnesses );
- input_len = unhexify( input_buf, input_X );
+ witness_buf = unhexify_alloc( witnesses, &witness_len );
+ input_buf = unhexify_alloc( input_X, &input_len );
 mbedtls_mpi_init( &X );
 rand.data = witness_buf;
@@ -877,6 +877,8 @@ void mbedtls_mpi_is_prime_det( char *input_X, char *witnesses,
 exit:
 mbedtls_mpi_free( &X );
+ mbedtls_free( witness_buf );
+ mbedtls_free( input_buf );
 }
 /* END_CASE */
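Review bot: In the first hunk the pointers returned by `unhexify_alloc` are used without a visible NULL check; `rand.data = witness_buf;` follows directly, and `input_buf` is consumed in lines outside the hunk. Whether `unhexify_alloc` aborts on allocation failure itself cannot be seen from this patch, so if it can return NULL, add `TEST_ASSERT( witness_buf != NULL );` and `TEST_ASSERT( input_buf != NULL );`. Place them after `mbedtls_mpi_init( &X );`, because the `exit:` path in the second hunk calls `mbedtls_mpi_free( &X )` and should never be reached with `X` uninitialised. A short comment at the allocations, such as `/* heap buffers sized from the hex input; freed at exit */`, would also record why the fixed 1000-byte arrays were dropped. The function's signature and the statements between the two hunks lie outside the patch.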