From af97cae27dab0de5396e341c80370d74fcb1d2e7 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 1 Feb 2019 16:41:30 +0000
Subject: [PATCH] Fix 1-byte buffer overflow in mbedtls_mpi_write_string()

This can only occur for negative numbers. Fixes #2404.
---
 library/bignum.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/bignum.c b/library/bignum.c
index 47e4529be..467c3aa4b 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -602,7 +602,10 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
     mbedtls_mpi_init( &T );
 
     if( X->s == -1 )
+    {
         *p++ = '-';
+        buflen--;
+    }
 
     if( radix == 16 )
     {