mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-22 19:55:43 +00:00
Fixed potential overflow in certificate size in ssl_write_certificate()
This commit is contained in:
parent
6ea1a95ce8
commit
6992eb762c
|
@ -32,6 +32,8 @@ Bugfix
|
|||
* Fixed x509_crt_parse_path() bug on Windows platforms
|
||||
* Added missing MPI_CHK() around some statements in mpi_div_mpi() (found by
|
||||
TrustInSoft)
|
||||
* Fixed potential overflow in certificate size verification in
|
||||
ssl_write_certificate() (found by TrustInSoft)
|
||||
|
||||
Security
|
||||
* Possible remotely-triggered out-of-bounds memory access fixed (found by
|
||||
|
|
|
@ -2453,7 +2453,7 @@ int ssl_write_certificate( ssl_context *ssl )
|
|||
while( crt != NULL )
|
||||
{
|
||||
n = crt->raw.len;
|
||||
if( i + 3 + n > SSL_MAX_CONTENT_LEN )
|
||||
if( n > SSL_MAX_CONTENT_LEN - 3 - i )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
|
||||
i + 3 + n, SSL_MAX_CONTENT_LEN ) );
|
||||
|
|
Loading…
Reference in a new issue