yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 22:55:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
37e7736d8e
mbedtls/ChangeLog.d/mpi_exp_mod-zero.txt
Gilles Peskine 37e7736d8e Changelog for the fix to mbedtls_mpi_exp_mod(A=0) 
In Mbed TLS 2.26.0, the bug was hard to trigger, since all methods for
parsing a bignum (mbedtls_mpi_read_xxx functions) constructed an mbedtls_mpi
object with at least one limb.

In the development branch, after the commit
"New internal function mbedtls_mpi_resize_clear", this bug could be
triggered by a TLS server, by passing invalid custom Diffie-Hellman
parameters with G=0 transmitted as a 0-length byte string.

Since the behavior change in mbedtls_mpi_read_binary and
mbedtls_mpi_read_binary_le (constructing 0 limbs instead of 1 when passed
empty input) turned out to have consequences despite being in principle an
internal detail, mention it in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00

8 lines
413 B
Plaintext
Raw Blame History

Bugfix
* Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
could not be triggered by code that constructed A with one of the
mbedtls_mpi_read_xxx functions (including in particular TLS code) since
those always built an mpi object with at least one limb.
Credit to OSS-Fuzz. Fixes #4641.
Reference in New Issue View Git Blame Copy Permalink