Fix null pointer dereference in the RSA module.

Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2024-11-23 08:35:43 +01:00 · 2016-03-18 11:45:44 +00:00 · 2016-03-18 11:45:44 +00:00 · 7ddc2cdfce
commit 7ddc2cdfce
parent e9f842782b
2 changed files with 4 additions and 1 deletions
--- a/2
+++ b/2
@ -8,6 +8,8 @@ Bugfix
     Follath. #309
   * Fix issue in Makefile that prevented building using armar. #386
   * Fix issue that caused a hang up when generating RSA keys of odd bitlength
+   * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer
+     dereference possible.

 Changes
   * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
--- a/library/rsa.c
+++ b/library/rsa.c
@ -586,7 +586,8 @@ int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx,
    if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V15 )
        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );

-    if( f_rng == NULL )
+    // We don't check p_rng because it won't be dereferenced here
+    if( f_rng == NULL || input == NULL || output == NULL )
        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );

    olen = ctx->len;