mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 00:05:35 +00:00
Merge of IOTSSL-476 - Random malloc in pem_read()
This commit is contained in:
parent
e7f96f22ee
commit
a45aa1399b
|
@ -16,6 +16,10 @@ Security
|
|||
but might be in other uses. On 32 bit machines, requires reading a string
|
||||
of close to or larger than 1GB to exploit; on 64 bit machines, would require
|
||||
reading a string of close to or larger than 2^62 bytes.
|
||||
* Fix potential random memory allocation in mbedtls_pem_read_buffer()
|
||||
on crafted PEM input data. Found an fix provided by Guid Vranken.
|
||||
Not triggerable remotely in TLS. Triggerable remotely if you accept PEM
|
||||
data from an untrusted source.
|
||||
|
||||
Changes
|
||||
* Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
|
||||
|
|
|
@ -184,7 +184,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||
}
|
||||
|
||||
if( n == 0 )
|
||||
{
|
||||
*olen = 0;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
n = ( ( n * 6 ) + 7 ) >> 3;
|
||||
n -= j;
|
||||
|
|
|
@ -316,6 +316,9 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
|
||||
}
|
||||
|
||||
if( s1 == s2 )
|
||||
return( MBEDTLS_ERR_PEM_INVALID_DATA );
|
||||
|
||||
ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
|
||||
|
||||
if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
|
||||
|
|
Loading…
Reference in a new issue