mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 17:34:15 +01:00
Fix integer overflow in mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.
This commit is contained in:
parent
a697bf503a
commit
3e3698ca30
@ -1,5 +1,11 @@
|
|||||||
mbed TLS ChangeLog (Sorted per branch, date)
|
mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
|
= mbed TLS 1.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Fixed potential arithmetic overflow in mbedtls_base64_decode() that could
|
||||||
|
cause buffer bound checks to be bypassed. Found by Eyal Itkin.
|
||||||
|
|
||||||
= mbed TLS 1.3.18 branch 2016-10-17
|
= mbed TLS 1.3.18 branch 2016-10-17
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
@ -198,7 +198,7 @@ int base64_decode( unsigned char *dst, size_t *dlen,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
n = ( ( n * 6 ) + 7 ) >> 3;
|
n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
|
||||||
n -= j;
|
n -= j;
|
||||||
|
|
||||||
if( dst == NULL || *dlen < n )
|
if( dst == NULL || *dlen < n )
|
||||||
|
Loading…
Reference in New Issue
Block a user