yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-08 08:35:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix potential random malloc in pem_read()

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-09-28 18:27:15 +02:00
parent 9b75305d6a
commit b73ce45b3f
3 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -11,6 +11,10 @@ Security
but might be in other uses. On 32 bit machines, requires reading a string but might be in other uses. On 32 bit machines, requires reading a string
of close to or larger than 1GB to exploit; on 64 bit machines, would require of close to or larger than 1GB to exploit; on 64 bit machines, would require
reading a string of close to or larger than 2^62 bytes. reading a string of close to or larger than 2^62 bytes.
* Fix potential random memory allocation in mbedtls_pem_read_buffer()
on crafted PEM input data. Found an fix provided by Guid Vranken.
Not triggerable remotely in TLS. Triggerable remotely if you accept PEM
data from an untrusted source.
= Version 1.2.16 released 2015-09-17 = Version 1.2.16 released 2015-09-17

3
library/base64.c
View file

@ -176,7 +176,10 @@ int base64_decode( unsigned char *dst, size_t *dlen,
} }
if( n == 0 ) if( n == 0 )
{
*dlen = 0;
return( 0 ); return( 0 );
}
n = ((n * 6) + 7) >> 3; n = ((n * 6) + 7) >> 3;
n -= j; n -= j;

3
library/pem.c
View file

@ -287,6 +287,9 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */ #endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
} }
if( s1 == s2 )
return( POLARSSL_ERR_PEM_INVALID_DATA );
len = 0; len = 0;
ret = base64_decode( NULL, &len, s1, s2 - s1 ); ret = base64_decode( NULL, &len, s1, s2 - s1 );