mbedtls/library
Andrzej Kurek acf7f2ce93 Guard from undefined behaviour in case of an INT_MAX max_pathlen
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 11:29:20 +02:00
..
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
aes.c Zeroize local AES variables before exiting the function 2019-11-12 03:34:03 -05:00
aesni.c Warn if using a memory sanitizer on AESNI 2018-04-05 15:37:38 +02:00
arc4.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
aria.c Implement parameter validation for ARIA module 2018-12-19 12:51:00 +00:00
asn1parse.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
asn1write.c Fix ASN1 bitstring writing 2019-02-11 21:13:33 +00:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-15 23:31:07 +02:00
bignum.c Minor comment improvement 2020-02-03 16:21:31 +01:00
blowfish.c Implement parameter validation for Blowfish module 2018-12-19 12:52:59 +00:00
camellia.c Minor improvements to Camellia module and documentation 2018-12-19 13:42:05 +00:00
ccm.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
certs.c Update certificates to expire in 2029 2019-07-10 18:35:10 +03:00
chacha20.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
chachapoly.c Fix wrong conditional in free() functions 2018-12-18 15:30:30 +00:00
cipher.c Remove redundant block_size validity check 2020-01-27 15:16:16 +01:00
cipher_wrap.c Fix after PR comments 2018-07-23 18:18:32 +01:00
cmac.c Merge remote-tracking branch 'public/pr/1390' into development 2018-06-27 10:51:47 +01:00
CMakeLists.txt Bump version to Mbed TLS 2.16.6 2020-04-08 17:17:27 +01:00
ctr_drbg.c Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted 2020-01-15 16:59:41 +00:00
debug.c Merge remote-tracking branch 'origin/pr/1818' into mbedtls-2.16 2019-03-05 16:28:18 +00:00
des.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
dhm.c Allow DHM self test to run without MBEDTLS_PEM_PARSE_C 2019-05-30 10:58:12 +01:00
ecdh.c Fix mbedtls_ecdh_get_params with new ECDH context 2019-02-22 12:51:51 +01:00
ecdsa.c Fix incrementing pointer instead of value 2020-01-24 12:35:47 +01:00
ecjpake.c Fix handling of md failure 2019-07-08 15:44:18 +02:00
ecp.c Fix leakage of projective coordinates in ECC 2020-04-01 11:02:18 +02:00
ecp_curves.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
entropy.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
entropy_poll.c Add missing bracket 2018-11-06 13:12:47 +00:00
error.c Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
gcm.c Improve parameter validation in mbedtls_gcm_free() 2018-12-19 17:32:19 +01:00
havege.c Prevent building the HAVEGE module on platforms where it doesn't work 2019-06-17 15:12:51 +02:00
hkdf.c Fix issue if salt = NULL and salt_len !=0 in mbedtls_hkdf_extract() 2018-07-23 10:34:47 -07:00
hmac_drbg.c HMAC_DRBG: support set_entropy_len() before seed() 2019-10-23 18:00:03 +02:00
Makefile Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
md.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
md2.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
md4.c Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
md5.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
md_wrap.c New MD API: rename functions from _ext to _ret 2018-01-22 11:54:42 +01:00
memory_buffer_alloc.c Fix braces in mbedtls_memory_buffer_alloc_status() 2018-06-12 16:56:04 +01:00
net_sockets.c net_sockets: Fix typo in net_would_block() 2019-06-20 16:33:02 +01:00
nist_kw.c Remove faulty cipher_finish calls from nist_kw 2018-12-20 12:15:40 +01:00
oid.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
padlock.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.c Clear pk context and other minor changes in *_free() procedures 2018-06-12 18:25:09 +03:00
pk.c Merge remote-tracking branch 'public/pr/1721' into development-restricted 2018-12-20 12:37:13 +00:00
pk_wrap.c Fix or improve some comments (and whitespace) 2018-10-15 15:27:49 +02:00
pkcs5.c Guard mbedtls_pkcs5_pbes2() by MBEDTLS_ASN1_PARSE_C 2018-10-16 13:39:40 +01:00
pkcs11.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs12.c Make PBE-related parts of PKCS12 depend on MBEDTLS_ASN1_PARSE_C 2018-10-16 13:39:40 +01:00
pkparse.c Fix pkparse bug wrt MBEDTLS_RSA_ALT 2020-02-18 10:49:06 +01:00
pkwrite.c Merge remote-tracking branch 'upstream-restricted/pr/503' into mbedtls-2.16-restricted 2019-08-14 16:39:24 +02:00
platform.c Omit runtime configuration of calloc/free if macro config enabled 2018-10-11 11:04:20 +01:00
platform_util.c Check for zero length and NULL buffer pointer 2019-09-04 11:19:38 +01:00
poly1305.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
ripemd160.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
rsa.c Parse RSA parameters DP, DQ and QP from PKCS1 private keys 2020-01-29 13:09:55 -05:00
rsa_internal.c Bignum: Deprecate mbedtls_mpi_is_prime() 2018-10-09 16:36:53 +01:00
sha1.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
sha256.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
sha512.c Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
ssl_cache.c Address PR review comments 2017-10-29 17:53:52 +02:00
ssl_ciphersuites.c Reduce priority of 3DES ciphersuites 2019-03-01 10:29:13 +01:00
ssl_cli.c Parse HelloVerifyRequest: avoid buffer overread at the start 2019-11-21 14:09:49 +01:00
ssl_cookie.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
ssl_srv.c Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
ssl_ticket.c Indentation fix 2018-10-25 16:07:16 +01:00
ssl_tls.c Improve debug logging of client hard reconnect 2020-03-31 12:32:38 +02:00
threading.c Don't declare and define gmtime()-mutex on Windows platforms 2018-09-06 12:09:56 +01:00
timing.c timing: Remove redundant include file 2019-06-20 16:33:02 +01:00
version.c Fix missing void argument declarations #678 2016-11-04 23:05:56 +01:00
version_features.c Move MBEDTLS_CTR_DRBG_USE_128_BIT_KEY to the correct section 2019-10-04 11:21:25 +02:00
x509.c Correct comment on the configuration option in x509.c 2020-03-28 00:35:49 +00:00
x509_create.c Break overly long line in library/x509_create.c 2018-11-02 10:52:38 +00:00
x509_crl.c Always return a high-level error code from X.509 module 2019-06-04 14:01:10 +01:00
x509_crt.c Guard from undefined behaviour in case of an INT_MAX max_pathlen 2020-04-17 11:29:20 +02:00
x509_csr.c Fix CSR parsing header call 2018-10-07 17:48:37 +01:00
x509write_crt.c Change size of preallocated buffer for pk_sign() calls 2019-06-06 13:13:26 +02:00
x509write_csr.c Add missing return code check on call to mbedtls_md() 2020-01-22 18:59:37 +01:00
xtea.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00