mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 08:04:24 +01:00
Prevent signed integer overflow in CSR parsing
Modify the function mbedtls_x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard.
This commit is contained in:
parent
487b7a9efc
commit
642ea1f399
@ -46,6 +46,10 @@ Bugfix
|
||||
Reported and fix suggested by guidovranken in #740
|
||||
* Fix conditional preprocessor directives in bignum.h to enable 64-bit
|
||||
compilation when using ARM Compiler 6.
|
||||
* Fix potential integer overflow in the version verification for DER
|
||||
encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
|
||||
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
||||
KNOX Security, Samsung Research America
|
||||
|
||||
Changes
|
||||
* Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
|
||||
|
@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
csr->version++;
|
||||
|
||||
if( csr->version != 1 )
|
||||
if( csr->version != 0 )
|
||||
{
|
||||
mbedtls_x509_csr_free( csr );
|
||||
return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
|
||||
}
|
||||
|
||||
csr->version++;
|
||||
|
||||
/*
|
||||
* subject Name
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user