yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-30 21:07:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix 1 byte overread in mbedtls_asn1_get_int()

Browse source
This commit is contained in:
Andres AG 2016-09-26 09:52:41 +01:00 committed by Simon Butcher
parent f527609849
commit 57e6e8fbb7
2 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -16,7 +16,10 @@ Bugfix
when GCM is used. #441 when GCM is used. #441
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
enabled unless others were also present. Found by David Fernandez. #428 enabled unless others were also present. Found by David Fernandez. #428
* Fixed configuration of debug output in cert_app sample program. * Fixed cert_app sample program for debug output and for use when no root
certificates are provided.
* Fix conditional statement that would cause a 1 byte overread in
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken.
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
builds where the configuration POLARSSL_PEM_WRITE_C is not defined. Found builds where the configuration POLARSSL_PEM_WRITE_C is not defined. Found
by inestlerode. #559. by inestlerode. #559.

2
library/asn1parse.c
View file

@ -154,7 +154,7 @@ int asn1_get_int( unsigned char **p,
if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 ) if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 )
return( ret ); return( ret );
if( len > sizeof( int ) || ( **p & 0x80 ) != 0 ) if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
return( POLARSSL_ERR_ASN1_INVALID_LENGTH ); return( POLARSSL_ERR_ASN1_INVALID_LENGTH );
*val = 0; *val = 0;