yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 17:25:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix NULL dereference in buffer-based allocator

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-11-26 15:42:16 +01:00 committed by Paul Bakker
parent 765bb31d24
commit 547ff6618f
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -9,6 +9,12 @@ Features
* Add support for Extended Master Secret (draft-ietf-tls-session-hash) * Add support for Extended Master Secret (draft-ietf-tls-session-hash)
* Add support for Encrypt-then-MAC (RFC 7366) * Add support for Encrypt-then-MAC (RFC 7366)
Security
* NULL pointer dereference in the buffer-based allocator when the buffer is
full and polarssl_free() is called (found by Jean-Philippe Aumasson)
(only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
not by default).
Bugfix Bugfix
* Stack buffer overflow if ctr_drbg_update() is called with too large * Stack buffer overflow if ctr_drbg_update() is called with too large
add_len (found by Jean-Philippe Aumasson) (not triggerable remotely). add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).

1
library/memory_buffer_alloc.c
View File

@ -484,6 +484,7 @@ static void buffer_alloc_free( void *ptr )
if( old == NULL ) if( old == NULL )
{ {
hdr->next_free = heap.first_free; hdr->next_free = heap.first_free;
if( heap.first_free != NULL )
heap.first_free->prev_free = hdr; heap.first_free->prev_free = hdr;
heap.first_free = hdr; heap.first_free = hdr;
} }