Merge branch 'iotssl-518-winpathlen-restricted' into development-restricted

* iotssl-518-winpathlen-restricted: Fix potential heap corruption on Windows
2024-11-26 04:55:44 +01:00 · 2015-11-02 11:04:59 +09:00 · 2015-11-02 11:04:59 +09:00 · 537e2a9b58
commit 537e2a9b58
parent f8b2442e2f 261faed725
2 changed files with 5 additions and 2 deletions
--- a/3
+++ b/3
@ -6,6 +6,9 @@ Security
   * Fix potential double free if mbedtls_ssl_conf_psk() is called more than
     once and some allocation fails. Cannot be forced remotely. Found by Guido
     Vranken, Intelworks.
+   * Fix potential heap corruption on Windows when
+     mbedtls_x509_crt_parse_path() is passed a path longer than 2GB. Cannot be
+     triggered remotely. Found by Guido Vranken, Interlworks.
   * The X509 max_pathlen constraint was not enforced on intermediate
     certificates. Found by Nicholas Wilson, fix and tests provided by
     Janos Follath. #280 and #319
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -1099,7 +1099,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
    WCHAR szDir[MAX_PATH];
    char filename[MAX_PATH];
    char *p;
-    int len = (int) strlen( path );
+    size_t len = strlen( path );

    WIN32_FIND_DATAW file_data;
    HANDLE hFind;
@ -1133,7 +1133,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )

        w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
                                     lstrlenW( file_data.cFileName ),
-                                     p, len - 1,
+                                     p, (int) len - 1,
                                     NULL, NULL );
        if( w_ret == 0 )
            return( MBEDTLS_ERR_X509_FILE_IO_ERROR );