Merge remote-tracking branch 'restricted/pr/470' into development-restricted
commit
129fa82908
|
@ -6,6 +6,10 @@ Security
|
||||||
* Fix a potential memory leak in mbedtls_ssl_setup( ) function. An allocation
|
* Fix a potential memory leak in mbedtls_ssl_setup( ) function. An allocation
|
||||||
failure could leave an unreleased buffer. A handshake init failure would
|
failure could leave an unreleased buffer. A handshake init failure would
|
||||||
lead to leaving two unreleased buffers.
|
lead to leaving two unreleased buffers.
|
||||||
|
* Fix an issue in the X.509 module which could lead to a buffer overread
|
||||||
|
during certificate extensions parsing. In case of receiving malformed
|
||||||
|
input (extensions length field equal to 0), an illegal read of one byte
|
||||||
|
beyond the input buffer is made. Found and analyzed by Nathan Crandall.
|
||||||
|
|
||||||
Features
|
Features
|
||||||
* Add support for fragmentation of outgoing DTLS handshake messages. This
|
* Add support for fragmentation of outgoing DTLS handshake messages. This
|
||||||
|
|
|
@ -579,18 +579,14 @@ static int x509_get_crt_ext( unsigned char **p,
|
||||||
end_ext_data = *p + len;
|
end_ext_data = *p + len;
|
||||||
|
|
||||||
/* Get extension ID */
|
/* Get extension ID */
|
||||||
extn_oid.tag = **p;
|
if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len,
|
||||||
|
MBEDTLS_ASN1_OID ) ) != 0 )
|
||||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &extn_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
|
|
||||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
|
extn_oid.tag = MBEDTLS_ASN1_OID;
|
||||||
extn_oid.p = *p;
|
extn_oid.p = *p;
|
||||||
*p += extn_oid.len;
|
*p += extn_oid.len;
|
||||||
|
|
||||||
if( ( end - *p ) < 1 )
|
|
||||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
|
||||||
MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
|
||||||
|
|
||||||
/* Get optional critical */
|
/* Get optional critical */
|
||||||
if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
|
if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
|
||||||
( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
|
( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
|
||||||
|
|
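Review bot: The reason the extension OID is now read against `end_ext_data` instead of `end` is not recorded next to the `mbedtls_asn1_get_tag` call, so a later edit could quietly restore the wider bound. A comment above the call such as `/* Bound by this extension's own end so an empty or short extension is rejected before any byte is read */` would pin the intent. The fix also relies on `len` in `end_ext_data = *p + len;` having already been checked against `end` by the call that produced it; that call is outside this hunk and is worth confirming. No regression test for the malformed input named in the ChangeLog entry (extensions length field equal to 0) is visible on this page, so if the merge does not add one elsewhere, a parse test for that input would guard the fix. x509_get_crt_ext starts and ends outside the hunk.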