yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-27 12:14:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix integer overflow in mbedtls_base64_decode()

Browse Source 
Fix potential integer overflows in the function mbedtls_base64_decode().
This overflow would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
This commit is contained in:
Andres AG 2017-01-18 17:21:03 +00:00
parent 016a0d3b6f
commit 81d126f923
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,5 +1,11 @@
mbed TLS ChangeLog (Sorted per branch, date) mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.x.x branch released xxxx-xx-xx
Bugfix
* Fixed potential arithmetic overflow in mbedtls_base64_decode() that could
cause buffer bound checks to be bypassed. Found by Eyal Itkin.
= mbed TLS 2.1.6 branch released 2016-10-17 = mbed TLS 2.1.6 branch released 2016-10-17
Security Security

2
library/base64.c
View File

@ -192,7 +192,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
return( 0 ); return( 0 );
} }
n = ( ( n * 6 ) + 7 ) >> 3; n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
n -= j; n -= j;
if( dst == NULL || dlen < n ) if( dst == NULL || dlen < n )