yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 18:35:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add precision about exploitability in ChangeLog

Browse Source 
Also fix some whitespace while at it.
This commit is contained in:
Manuel Pégourié-Gonnard 2016-02-11 10:35:13 +01:00 committed by Simon Butcher
parent ff40a4b805
commit 7dc6f93db1
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
Security Security
* Fix potential integer overflow to buffer overflow in * Fix potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
(not triggerable remotely in (D)TLS).
Bugfix Bugfix
* Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three

2
library/rsa.c
View File

@ -595,7 +595,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len; olen = ctx->len;
// first comparison checks for overflow // first comparison checks for overflow
if( ilen + 11 < ilen || olen < ilen + 11 ) if( ilen + 11 < ilen || olen < ilen + 11 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );