diff --git a/ChangeLog b/ChangeLog index 4d71127da..1f09c8387 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,12 @@ Security characters after the footer could result in the execution of an infinite loop. The issue can be triggered remotely. Found by Greg Zaverucha, Microsoft. + * Fixed a bug that caused freeing a buffer that was allocated on the stack, + when verifying the validity of a key on secp224k1. This could be + triggered remotely for example with a maliciously constructed certificate + and might have led to remote code execution on some exotic embedded + platforms. Reported independently by rongsaws and Regina Wilson. + CVE-2017-2784 Bugfix * Fix output certificate verification flags set by x509_crt_verify_top() when diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 9a6e8eb18..a2a5495a9 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -1213,7 +1213,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t int ret; size_t i; mbedtls_mpi M, R; - mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R]; + mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; if( N->n < p_limbs ) return( 0 ); @@ -1235,7 +1235,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); if( shift != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) @@ -1257,7 +1257,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); if( shift != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 )