mbedtls/tests
Hanno Becker 992b6872f3 Fix heap corruption in ssl_decrypt_buf
Previously, MAC validation for an incoming record proceeded as follows:

1) Make a copy of the MAC contained in the record;
2) Compute the expected MAC in place, overwriting the presented one;
3) Compare both.

This resulted in a record buffer overflow if a truncated MAC was used, as in this
case the record buffer only reserved 10 bytes for the MAC, but the MAC
computation routine in 2) always wrote a full digest.

For specially crafted records, this could be used to perform a controlled write of
up to 6 bytes past the boundary of the heap buffer holding the record, thereby
corrupting the heap structures and potentially leading to a crash or remote code
execution.

This commit fixes this by making the following change:
1) Compute the expected MAC in a temporary buffer that has the size of the
   underlying message digest.
2) Compare this to the MAC contained in the record, potentially
   restricting to the first 10 bytes if truncated HMAC is used.

A similar fix is applied to the encryption routine `ssl_encrypt_buf`.
2017-11-20 08:52:25 +00:00
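
The two flows the commit message describes, as an added C sketch that is not mbed TLS code and not part of the commit. `toy_mac`, `verify_in_place`, `verify_with_temp`, `guard_bytes_clobbered` and the 16-byte `DIGEST_LEN` are hypothetical, and the record is a constructed array with guard bytes after the 10-byte MAC field so the old flow's extra write stays inside the array.

```c
#include <stdint.h>
#include <string.h>
#define DIGEST_LEN 16 /* assumed full digest size for this sketch */
#define TRUNC_LEN  10 /* truncated MAC length from the commit message */

/* Stand-in for the HMAC: always writes DIGEST_LEN bytes. Not a real MAC;
   high bit cleared so output never equals the 0xEE guard fill below. */
static void toy_mac(const uint8_t *msg, size_t len, uint8_t *out) {
    for (size_t i = 0; i < DIGEST_LEN; i++) {
        uint8_t acc = (uint8_t)(0x5a + i);
        for (size_t j = 0; j < len; j++) acc = (uint8_t)(acc * 31 + msg[j] + i);
        out[i] = (uint8_t)(acc & 0x7f);
    }
}
/* Nonzero if a and b differ; no early exit, so timing is position-independent. */
static int ct_differs(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= (uint8_t)(a[i] ^ b[i]);
    return d != 0;
}
/* Old flow (mac_len <= DIGEST_LEN assumed): copy, recompute in place, compare. */
int verify_in_place(uint8_t *rec, size_t msg_len, size_t mac_len) {
    uint8_t presented[DIGEST_LEN];
    memcpy(presented, rec + msg_len, mac_len);
    toy_mac(rec, msg_len, rec + msg_len); /* writes DIGEST_LEN, not mac_len */
    return ct_differs(presented, rec + msg_len, mac_len) ? -1 : 0;
}
/* Fixed flow: compute into a digest-sized temporary, compare mac_len bytes. */
int verify_with_temp(const uint8_t *rec, size_t msg_len, size_t mac_len) {
    uint8_t expected[DIGEST_LEN];
    if (mac_len > DIGEST_LEN) return -1;
    toy_mac(rec, msg_len, expected);
    return ct_differs(expected, rec + msg_len, mac_len) ? -1 : 0;
}
/* Constructed harness: message + truncated MAC + guard bytes in one array.
   Returns the number of guard bytes modified; *verdict gets the MAC result. */
int guard_bytes_clobbered(int use_fixed, int *verdict) {
    enum { MSG_LEN = 8, GUARD = DIGEST_LEN - TRUNC_LEN };
    uint8_t buf[MSG_LEN + TRUNC_LEN + GUARD], full[DIGEST_LEN];
    int hits = 0;
    memcpy(buf, "constrct", MSG_LEN);            /* constructed payload */
    toy_mac(buf, MSG_LEN, full);
    memcpy(buf + MSG_LEN, full, TRUNC_LEN);      /* valid truncated MAC */
    memset(buf + MSG_LEN + TRUNC_LEN, 0xEE, GUARD);
    *verdict = use_fixed ? verify_with_temp(buf, MSG_LEN, TRUNC_LEN)
                         : verify_in_place(buf, MSG_LEN, TRUNC_LEN);
    for (int i = 0; i < GUARD; i++) hits += buf[MSG_LEN + TRUNC_LEN + i] != 0xEE;
    return hits;
}
```

With the constructed record, the old flow reports a valid MAC yet changes all 6 guard bytes, while the fixed flow changes none, which is why a guard-byte check catches this class of bug where a pass/fail MAC test does not.
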
..
data_files Improve Readme for long test certificate chains 2017-07-26 13:49:38 +01:00
git-scripts Move the git scripts to correct path 2017-07-27 21:44:34 +01:00
scripts Allow comments in test data files 2017-10-06 11:58:50 +01:00
suites Improve leap year test names in x509parse.data 2017-10-12 23:21:37 +01:00
.gitignore Move some ignore patterns to subdirectories 2015-01-28 15:33:23 +00:00
CMakeLists.txt Remove need for elevated command line in Windows 2017-02-15 09:08:26 +00:00
compat.sh Allow SHA-1 in test scripts 2017-06-06 18:44:14 +02:00
Descriptions.txt Add selftest program to the list of tests 2014-04-04 16:33:01 +02:00
Makefile Clean up of formatting, and potential integer overflow fix 2016-10-13 13:51:13 +01:00
ssl-opt.sh Fix heap corruption in ssl_decrypt_buf 2017-11-20 08:52:25 +00:00