Add check for iv_off in AES-CFB128 and AES-OFB

The check is mandatory as skipping it results in buffer overread of arbitrary size.
2024-11-22 11:25:42 +01:00 · 2018-12-18 10:03:30 +01:00 · 2018-12-18 10:03:30 +01:00 · 5b89c09273
commit 5b89c09273
parent 998a358529
1 changed files with 6 additions and 0 deletions
--- a/library/aes.c
+++ b/library/aes.c
@ -1298,6 +1298,9 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,

    n = *iv_off;

+    if( n > 16 )
+        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+
    if( mode == MBEDTLS_AES_DECRYPT )
    {
        while( length-- )
@ -1391,6 +1394,9 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,

    n = *iv_off;

+    if( n > 16 )
+        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+
    while( length-- )
    {
        if( n == 0 )