Merge branch 'iotssl-518-winpathlen-restricted' into development-restricted

* iotssl-518-winpathlen-restricted:
  Fix potential heap corruption on Windows
This commit is contained in:
Manuel Pégourié-Gonnard 2015-11-02 11:04:59 +09:00
commit 537e2a9b58
2 changed files with 5 additions and 2 deletions

View File

@ -6,6 +6,9 @@ Security
* Fix potential double free if mbedtls_ssl_conf_psk() is called more than * Fix potential double free if mbedtls_ssl_conf_psk() is called more than
once and some allocation fails. Cannot be forced remotely. Found by Guido once and some allocation fails. Cannot be forced remotely. Found by Guido
Vranken, Intelworks. Vranken, Intelworks.
* Fix potential heap corruption on Windows when
mbedtls_x509_crt_parse_path() is passed a path longer than 2GB. Cannot be
triggered remotely. Found by Guido Vranken, Interlworks.
* The X509 max_pathlen constraint was not enforced on intermediate * The X509 max_pathlen constraint was not enforced on intermediate
certificates. Found by Nicholas Wilson, fix and tests provided by certificates. Found by Nicholas Wilson, fix and tests provided by
Janos Follath. #280 and #319 Janos Follath. #280 and #319

View File

@ -1099,7 +1099,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
WCHAR szDir[MAX_PATH]; WCHAR szDir[MAX_PATH];
char filename[MAX_PATH]; char filename[MAX_PATH];
char *p; char *p;
int len = (int) strlen( path ); size_t len = strlen( path );
WIN32_FIND_DATAW file_data; WIN32_FIND_DATAW file_data;
HANDLE hFind; HANDLE hFind;
@ -1133,7 +1133,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
lstrlenW( file_data.cFileName ), lstrlenW( file_data.cFileName ),
p, len - 1, p, (int) len - 1,
NULL, NULL ); NULL, NULL );
if( w_ret == 0 ) if( w_ret == 0 )
return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); return( MBEDTLS_ERR_X509_FILE_IO_ERROR );