Fix potential integer overflow parsing DER CRT

This patch prevents a potential signed integer overflow during the
certificate version verification checks.
Andres AG 2017-03-09 16:46:14 +00:00 committed by Simon Butcher
parent 26124be17a
commit 47f3059780
2 changed files with 6 additions and 3 deletions


@ -17,6 +17,9 @@ Bugfix
encoded X509 CRLs. The overflow would enable maliciously constructed CRLs encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
KNOX Security, Samsung Research America KNOX Security, Samsung Research America
* Fix a potential integer overflow in the version verification for DER
encoded X509 certificates. The overflow would enable maliciously
constructed certificates to bypass the certificate verification check.
= mbed TLS 1.3.20 branch released 2017-06-21 = mbed TLS 1.3.20 branch released 2017-06-21


@ -619,14 +619,14 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
return( ret ); return( ret );
} }
crt->version++; if( crt->version < 0 || crt->version > 2 )
if( crt->version > 3 )
{ {
x509_crt_free( crt ); x509_crt_free( crt );
return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
} }
crt->version++;
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params1, if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params1,
&crt->sig_md, &crt->sig_pk, &crt->sig_md, &crt->sig_pk,
&crt->sig_opts ) ) != 0 ) &crt->sig_opts ) ) != 0 )
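Review bot: The new bound in `if( crt->version < 0 || crt->version > 2 )` is a bare literal applied to the raw DER value, and it differs from the old post-increment `> 3`, so a later reader could take it for an off-by-one or move the increment back above the check. A short comment above the check would pin the intent, e.g. `/* version is still the zero-based DER value (0 = v1 .. 2 = v3); range-check before the increment so crt->version++ cannot overflow a signed int */`. The diffstat lists only two changed files, so no regression test appears to accompany the fix; a parsing test that feeds a certificate with a large out-of-range version value and expects POLARSSL_ERR_X509_UNKNOWN_VERSION would keep the check-then-increment ordering from regressing. The body of x509_crt_parse_der_core starts and ends outside this hunk.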