yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-07-03 18:18:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed potential memory zeroization on miscrafted RSA key

Browse source 
(cherry picked from commit 3c16db9a10)

Conflicts:
	ChangeLog (Moved message to 'Branch 1.1')
This commit is contained in:
Paul Bakker 2012-07-05 13:58:08 +00:00
parent 9a120fd4f7
commit 0ea57e8c7a
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,5 +1,10 @@
PolarSSL ChangeLog PolarSSL ChangeLog
= Branch 1.1
Security
* Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
Vanderbeken)
= Version 1.1.4 released on 2012-05-31 = Version 1.1.4 released on 2012-05-31
Bugfix Bugfix
* Correctly handle empty SSL/TLS packets (Found by James Yonan) * Correctly handle empty SSL/TLS packets (Found by James Yonan)

2
library/rsa.c
View file

@ -646,7 +646,7 @@ int rsa_pkcs1_sign( rsa_context *ctx,
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
} }
if( nb_pad < 8 ) if( ( nb_pad < 8 ) || ( nb_pad > olen ) )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
*p++ = 0; *p++ = 0;