mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 11:15:39 +01:00
Fix potential buffer overflow in asn1write
Ref: IOTSSL-519
This commit is contained in:
parent
80e6cffcad
commit
5388eea449
@ -6,6 +6,10 @@ Security
|
||||
* Fix potential heap corruption on Windows when
|
||||
x509_crt_parse_path() is passed a path longer than 2GB. Cannot be
|
||||
triggered remotely. Found by Guido Vranken, Interlworks.
|
||||
* Fix potential buffer overflow in some asn1_write_xxx() functions.
|
||||
Cannot be triggered remotely unless you create X.509 certificates based
|
||||
on untrusted input or write keys of untrusted origin. Found by Guido
|
||||
Vranken, Interlworks.
|
||||
|
||||
= Version 1.2.17 released 2015-10-06
|
||||
|
||||
|
@ -78,7 +78,7 @@ int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X )
|
||||
//
|
||||
len = mpi_size( X );
|
||||
|
||||
if( *p - start < (int) len )
|
||||
if( *p < start || (size_t)( *p - start ) < len )
|
||||
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
(*p) -= len;
|
||||
@ -127,7 +127,7 @@ int asn1_write_oid( unsigned char **p, unsigned char *start, char *oid )
|
||||
//
|
||||
len = strlen( oid );
|
||||
|
||||
if( *p - start < (int) len )
|
||||
if( *p < start || (size_t)( *p - start ) < len )
|
||||
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
(*p) -= len;
|
||||
@ -203,7 +203,7 @@ int asn1_write_printable_string( unsigned char **p, unsigned char *start,
|
||||
//
|
||||
len = strlen( text );
|
||||
|
||||
if( *p - start < (int) len )
|
||||
if( *p < start || (size_t)( *p - start ) < len )
|
||||
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
(*p) -= len;
|
||||
@ -225,7 +225,7 @@ int asn1_write_ia5_string( unsigned char **p, unsigned char *start,
|
||||
//
|
||||
len = strlen( text );
|
||||
|
||||
if( *p - start < (int) len )
|
||||
if( *p < start || (size_t)( *p - start ) < len )
|
||||
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
(*p) -= len;
|
||||
|
Loading…
Reference in New Issue
Block a user