mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 02:14:15 +01:00
Fix potential buffer overread of size 1
This commit is contained in:
parent
309c798b2b
commit
d8a1ea72b1
@ -12,6 +12,8 @@ Security
|
||||
* Fix potential stack overflow while parsing crafted X.509 certificates
|
||||
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||
found using Codenomicon Defensics).
|
||||
* Fix buffer overread of size 1 when parsing crafted X.509 certificates
|
||||
(TLS server is not affected if it doesn't ask for a client certificate).
|
||||
|
||||
Bugfix
|
||||
* Fix potential undefined behaviour in Camellia.
|
||||
|
@ -193,6 +193,11 @@ static int x509_get_alg( unsigned char **p,
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
|
||||
|
||||
end = *p + len;
|
||||
|
||||
if( len < 1 )
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_ALG +
|
||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
alg->tag = **p;
|
||||
|
||||
if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
|
||||
@ -240,6 +245,11 @@ static int x509_get_attr_type_value( unsigned char **p,
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
|
||||
|
||||
oid = &cur->oid;
|
||||
|
||||
if( len < 1 )
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
|
||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
oid->tag = **p;
|
||||
|
||||
if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
|
||||
|
@ -450,7 +450,7 @@ X509 Certificate ASN1 (TBSCertificate, issuer no inner set data)
|
||||
x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas)
|
||||
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, issuer no oid data)
|
||||
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
Loading…
Reference in New Issue
Block a user