yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-06-19 23:17:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix invalid memory read in x509_get_sig()

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-23 10:52:49 +02:00
parent cd7d24d464
commit 0c2fa144bc
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog
View file

@ -5,6 +5,9 @@ PolarSSL ChangeLog
Security Security
* Fix potential invalid memory read in the server, that allows a client to * Fix potential invalid memory read in the server, that allows a client to
crash it remotely (found by Caj Larsson). crash it remotely (found by Caj Larsson).
* Fix potential invalid memory read in certificate parsing, that allows a
client to crash the server remotely if client authentication is enabled
(found using Codenomicon Defensics).
Bugfix Bugfix
* Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos). * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).

3
library/x509parse.c
View file

@ -519,8 +519,7 @@ static int x509_get_sig( unsigned char **p,
if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 ) if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + ret ); return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + ret );
if( len-- < 2 || *(*p)++ != 0 )
if( --len < 1 || *(*p)++ != 0 )
return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE ); return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE );
sig->len = len; sig->len = len;