mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-07-09 21:47:33 +00:00
Prevent signed integer overflow in CSR parsing
Modify the function x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard.
This commit is contained in:
parent
47f3059780
commit
3df4e4e1d0
|
@ -20,6 +20,10 @@ Bugfix
|
||||||
* Fix a potential integer overflow in the version verification for DER
|
* Fix a potential integer overflow in the version verification for DER
|
||||||
encoded X509 certificates. The overflow would enable maliciously
|
encoded X509 certificates. The overflow would enable maliciously
|
||||||
constructed certificates to bypass the certificate verification check.
|
constructed certificates to bypass the certificate verification check.
|
||||||
|
* Fix potential integer overflow in the version verification for DER
|
||||||
|
encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
|
||||||
|
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
||||||
|
KNOX Security, Samsung Research America
|
||||||
|
|
||||||
= mbed TLS 1.3.20 branch released 2017-06-21
|
= mbed TLS 1.3.20 branch released 2017-06-21
|
||||||
|
|
||||||
|
|
|
@ -169,14 +169,14 @@ int x509_csr_parse_der( x509_csr *csr,
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
csr->version++;
|
if( csr->version != 0 )
|
||||||
|
|
||||||
if( csr->version != 1 )
|
|
||||||
{
|
{
|
||||||
x509_csr_free( csr );
|
x509_csr_free( csr );
|
||||||
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
|
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
csr->version++;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* subject Name
|
* subject Name
|
||||||
*/
|
*/
|
||||||
|
|
Loading…
Reference in a new issue