From eff335d575e0949ba25b60a358f31461eab055fe Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 1 Feb 2019 16:41:30 +0000
Subject: [PATCH] Fix 1-byte buffer overflow in mbedtls_mpi_write_string()

This can only occur for negative numbers. Fixes #2404.
---
 library/bignum.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/bignum.c b/library/bignum.c
index f6e50b986..54ab7e3ec 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -572,7 +572,10 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
     mbedtls_mpi_init( &T );
 
     if( X->s == -1 )
+    {
         *p++ = '-';
+        buflen--;
+    }
 
     if( radix == 16 )
     {