Merge branch 'IOTSSL-621-PotentialIntegerOverflow' into development-restricted

* IOTSSL-621-PotentialIntegerOverflow: Add precision about exploitability in ChangeLog Add Changelog entry for current branch Included tests for the overflow
2024-12-29 19:25:44 +00:00 · 2016-02-11 10:39:31 +01:00 · 2016-02-11 10:39:31 +01:00 · 3c44760ae2
parent 4ae5c294a4 9678b5dccd
commit 3c44760ae2
2 changed files with 9 additions and 2 deletions
--- a/5
+++ b/5
@ -2,6 +2,11 @@ mbed TLS ChangeLog (Sorted per branch, date)

 = mbed TLS 2.x branch

+Security
+   * Fix potential integer overflow to buffer overflow in
+     mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
+     (not triggerable remotely in (D)TLS).
+
 Bugfix
   * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
     arguments where the same (in-place doubling). Found and fixed by Janos
--- a/library/rsa.c
+++ b/library/rsa.c
@ -529,7 +529,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
    olen = ctx->len;
    hlen = mbedtls_md_get_size( md_info );

-    if( olen < ilen + 2 * hlen + 2 )
+    // first comparison checks for overflow
+    if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );

    memset( output, 0, olen );
@ -595,7 +596,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,

    olen = ctx->len;

-    if( olen < ilen + 11 )
+    // first comparison checks for overflow
+    if( ilen + 11 < ilen || olen < ilen + 11 )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );

    nb_pad = olen - 3 - ilen;