yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 11:25:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Detect unsigned integer overflow in mbedtls_ecp_check_budget()

Browse Source 
This commit modifies a bounds check in `mbedtls_ecp_check_budget()` to
be correct even if the requested number of ECC operations would overflow
the operation counter.
This commit is contained in:
Hanno Becker 2018-10-26 13:50:13 +01:00
parent abdf67ee9f
commit b10c66073f
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
library/ecp.c
View File

@ -248,9 +248,16 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
else if( grp->pbits >= 384 )
ops *= 2;
/* avoid infinite loops: always allow first step */
if( rs_ctx->ops_done != 0 && rs_ctx->ops_done + ops > ecp_max_ops )
/* Avoid infinite loops: always allow first step.
* Because of that, however, it's not generally true
* that ops_done <= ecp_max_ops, so the check
* ops_done > ecp_max_ops below is mandatory. */
if( ( rs_ctx->ops_done != 0 ) &&
( rs_ctx->ops_done > ecp_max_ops ||
ops > ecp_max_ops - rs_ctx->ops_done ) )
{
return( MBEDTLS_ERR_ECP_IN_PROGRESS );
}
/* update running count */
rs_ctx->ops_done += ops;