From eddfe8f6f3ac3597ce95581c47658e7c696d4497 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Feb 2016 14:52:29 +0000 Subject: [PATCH] Included tests for the overflow --- library/rsa.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index fba68ddfc..3cb92f40c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -529,7 +529,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, olen = ctx->len; hlen = mbedtls_md_get_size( md_info ); - if( olen < ilen + 2 * hlen + 2 ) + // first comparison checks for overflow + if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); memset( output, 0, olen ); @@ -594,8 +595,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; - - if( olen < ilen + 11 ) + + // first comparison checks for overflow + if( ilen + 11 < ilen || olen < ilen + 11 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); nb_pad = olen - 3 - ilen;