mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-22 19:05:32 +00:00
Fix integer overflow mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.
This commit is contained in:
parent
6a54336897
commit
4623d83c6f
|
@ -27,6 +27,8 @@ Bugfix
|
|||
cause buffer bound checks to be bypassed. Found by Eyal Itkin.
|
||||
* Fixed potential arithmetic overflow in mbedtls_md2_update() that could
|
||||
cause buffer bound checks to be bypassed. Found by Eyal Itkin.
|
||||
* Fixed potential arithmetic overflow in mbedtls_base64_decode() that could
|
||||
cause buffer bound checks to be bypassed. Found by Eyal Itkin.
|
||||
|
||||
= mbed TLS 2.4.1 branch released 2016-12-13
|
||||
|
||||
|
|
|
@ -192,7 +192,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
n = ( ( n * 6 ) + 7 ) >> 3;
|
||||
n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
|
||||
n -= j;
|
||||
|
||||
if( dst == NULL || dlen < n )
|
||||
|
|
Loading…
Reference in a new issue