yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-01 23:10:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix potential unintended sign extension

Browse source 
Backport of 6fdc4cae from the 1.3 branch
This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-10 17:23:05 +02:00
parent 82f1a88a92
commit 64f65e84bc
2 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -6,6 +6,10 @@ Security
* Fix potential invalid memory read in the server, that allows a client to * Fix potential invalid memory read in the server, that allows a client to
crash it remotely (found by Caj Larsson). crash it remotely (found by Caj Larsson).
Bugfix
* Fix potential unintended sign extension in asn1_get_len() on 64-bit
platforms (found with Coverity Scan).
= Version 1.2.13 released 2015-02-16 = Version 1.2.13 released 2015-02-16
Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting
this will be made in the 1.2 branch at this point. this will be made in the 1.2 branch at this point.

8
library/asn1parse.c
View file

@ -62,7 +62,7 @@ int asn1_get_len( unsigned char **p,
if( ( end - *p ) < 3 ) if( ( end - *p ) < 3 )
return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
*len = ( (*p)[1] << 8 ) | (*p)[2]; *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2];
(*p) += 3; (*p) += 3;
break; break;
@ -70,7 +70,8 @@ int asn1_get_len( unsigned char **p,
if( ( end - *p ) < 4 ) if( ( end - *p ) < 4 )
return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
*len = ( (*p)[1] << 16 ) | ( (*p)[2] << 8 ) | (*p)[3]; *len = ( (size_t)(*p)[1] << 16 ) |
( (size_t)(*p)[2] << 8 ) | (*p)[3];
(*p) += 4; (*p) += 4;
break; break;
@ -78,7 +79,8 @@ int asn1_get_len( unsigned char **p,
if( ( end - *p ) < 5 ) if( ( end - *p ) < 5 )
return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
*len = ( (*p)[1] << 24 ) | ( (*p)[2] << 16 ) | ( (*p)[3] << 8 ) | (*p)[4]; *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) |
( (size_t)(*p)[3] << 8 ) | (*p)[4];
(*p) += 5; (*p) += 5;
break; break;