yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-01 23:10:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed potential heap buffer overflow on large hostname setting

Browse source 
(cherry picked from commit 75c1a6f97c)

Conflicts:
	library/ssl_tls.c
This commit is contained in:
Paul Bakker 2013-09-11 11:38:34 +02:00
parent df177ba728
commit 3081ba12bb
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ChangeLog
View file

@ -8,6 +8,7 @@ Security
* Potential buffer-overflow for ssl_read_record() (independently found by * Potential buffer-overflow for ssl_read_record() (independently found by
both TrustInSoft and Paul Brodeur of Leviathan Security Group) both TrustInSoft and Paul Brodeur of Leviathan Security Group)
* Potential negative value misinterpretation in load_file() * Potential negative value misinterpretation in load_file()
* Potential heap buffer overflow on large hostname setting
= Version 1.1.7 released on 2013-06-19 = Version 1.1.7 released on 2013-06-19
Changes Changes

6
library/ssl_tls.c
View file

@ -1991,6 +1991,10 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
ssl->hostname_len = strlen( hostname ); ssl->hostname_len = strlen( hostname );
if( ssl->hostname_len + 1 == 0 )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 ); ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 );
if( ssl->hostname == NULL ) if( ssl->hostname == NULL )
@ -1998,7 +2002,7 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname )
memcpy( ssl->hostname, (unsigned char *) hostname, memcpy( ssl->hostname, (unsigned char *) hostname,
ssl->hostname_len ); ssl->hostname_len );
ssl->hostname[ssl->hostname_len] = '\0'; ssl->hostname[ssl->hostname_len] = '\0';
return( 0 ); return( 0 );