mbedtls/library
Hanno Becker 992b6872f3 Fix heap corruption in ssl_decrypt_buf
Previously, MAC validation for an incoming record proceeded as follows:

1) Make a copy of the MAC contained in the record;
2) Compute the expected MAC in place, overwriting the presented one;
3) Compare both.

This resulted in a record buffer overflow if truncated MAC was used, as in this
case the record buffer only reserved 10 bytes for the MAC, but the MAC
computation routine in 2) always wrote a full digest.

For specially crafted records, this could be used to perform a controlled write of
up to 6 bytes past the boundary of the heap buffer holding the record, thereby
corrupting the heap structures and potentially leading to a crash or remote code
execution.

This commit fixes this by making the following change:
1) Compute the expected MAC in a temporary buffer that has the size of the
   underlying message digest.
2) Compare to this to the MAC contained in the record, potentially
   restricting to the first 10 bytes if truncated HMAC is used.

A similar fix is applied to the encryption routine `ssl_encrypt_buf`.
2017-11-20 08:52:25 +00:00
..
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
aes.c Export mbedtls_aes_(en/de)crypt to retain for API compatibility 2017-07-27 21:44:33 +01:00
aesni.c Fix build errors on x32 by using the generic 'add' instruction 2016-05-23 14:29:28 +01:00
arc4.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
asn1parse.c Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 13:54:14 +01:00
asn1write.c Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths 2016-08-25 15:42:27 +01:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-15 23:31:07 +02:00
bignum.c Merge remote-tracking branch 'hanno/mpi_read_file_underflow' into development 2017-06-08 19:48:03 +02:00
blowfish.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
camellia.c Address user reported coverity issues. 2016-06-07 14:52:35 +01:00
ccm.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
certs.c Undo API change from SHA1 deprecation 2017-07-27 21:44:33 +01:00
cipher.c Fix integer overflows in buffer bound checks 2017-02-15 23:31:07 +02:00
cipher_wrap.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
cmac.c Rename time and index parameter to avoid name conflict. 2017-07-28 22:28:08 +01:00
CMakeLists.txt Update version number to 2.6.0 2017-08-10 11:51:16 +01:00
ctr_drbg.c Fix integer overflows in buffer bound checks 2017-02-15 23:31:07 +02:00
debug.c Fix compiler warning in debug.c 2017-02-15 09:08:26 +00:00
des.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
dhm.c Check return code of mbedtls_mpi_fill_random 2017-07-27 21:44:33 +01:00
ecdh.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ecdsa.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ecjpake.c Fix potential stack buffer overflow in ecjpake 2015-10-20 16:20:56 +02:00
ecp.c Check return code of mbedtls_mpi_fill_random 2017-07-27 21:44:33 +01:00
ecp_curves.c ECP: Add module and function level replacement options. 2017-05-11 22:42:14 +01:00
entropy.c Rename time and index parameter to avoid name conflict. 2017-07-28 22:28:08 +01:00
entropy_poll.c Renames null entropy source function for clarity 2016-06-12 00:31:33 +01:00
error.c Only return VERIFY_FAILED from a single point 2017-07-06 11:58:41 +02:00
gcm.c fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
havege.c Fixes warnings found by Clang static analyser 2016-05-23 23:18:26 +01:00
hmac_drbg.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Makefile Added cmac.o to libary/Makefile 2016-10-13 13:51:09 +01:00
md.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md2.c Fix integer overflows in buffer bound checks 2017-02-15 23:31:07 +02:00
md4.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md5.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md_wrap.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
memory_buffer_alloc.c Fixes memory leak in memory_buffer_alloc.c debug 2016-05-23 14:29:29 +01:00
net_sockets.c Fix typo and bracketing in macro args 2017-10-12 23:21:37 +01:00
oid.c Removing in compile time unused entries from oid_ecp_grp list 2016-09-04 15:14:38 +01:00
padlock.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.c Fix unused variable/function compilation warnings 2017-02-15 22:54:42 +02:00
pk.c Fix data loss in unsigned int cast in PK 2017-05-11 21:55:17 +01:00
pk_wrap.c Fix data loss in unsigned int cast in PK 2017-05-11 21:55:17 +01:00
pkcs5.c Fix output of PKCS#5 and RIPEMD-160 self tests 2016-08-25 16:36:35 +01:00
pkcs11.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs12.c Shut up a few clang-analyze warnings about use of uninitialized variables 2016-05-23 14:29:28 +01:00
pkparse.c Clarify Comments and Fix Typos (#651) 2017-02-15 09:08:26 +00:00
pkwrite.c Fix other occurrences of same bounds check issue 2015-10-21 12:50:45 +02:00
platform.c Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT 2017-07-27 21:44:33 +01:00
ripemd160.c Fix output of PKCS#5 and RIPEMD-160 self tests 2016-08-25 16:36:35 +01:00
rsa.c Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-restricted' into development-restricted 2017-06-08 20:31:06 +02:00
sha1.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
sha256.c Use allocated memory for SHA self tests 2016-10-13 15:10:14 +01:00
sha512.c Use allocated memory for SHA self tests 2016-10-13 15:10:14 +01:00
ssl_cache.c Fix naked call to time() with platform call 2017-07-28 23:46:43 +01:00
ssl_ciphersuites.c Undo API change 2017-07-27 21:44:33 +01:00
ssl_cli.c Always print gmt_unix_time in TLS client 2017-10-06 11:59:13 +01:00
ssl_cookie.c Fix resource leak when using mutex and ssl_cookie 2017-03-02 12:26:11 +00:00
ssl_srv.c Parse Signature Algorithm ext when renegotiating 2017-10-12 23:21:37 +01:00
ssl_ticket.c Puts platform time abstraction into its own header 2016-07-13 14:46:18 +01:00
ssl_tls.c Fix heap corruption in ssl_decrypt_buf 2017-11-20 08:52:25 +00:00
threading.c Remove mutexes from ECP hardware acceleration 2017-07-27 21:44:32 +01:00
timing.c Give better error messages for semi-portable parts 2016-02-22 10:47:32 +01:00
version.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
version_features.c Checked names 2017-07-27 21:44:33 +01:00
x509.c Correctly handle leap year in x509_date_is_valid() 2017-10-12 23:21:37 +01:00
x509_create.c Fix other occurrences of same bounds check issue 2015-10-21 12:50:45 +02:00
x509_crl.c Fix potential integer overflow parsing DER CRL 2017-07-27 21:44:34 +01:00
x509_crt.c Fix potential integer overflow parsing DER CRT 2017-07-27 21:44:34 +01:00
x509_csr.c Prevent signed integer overflow in CSR parsing 2017-07-27 21:44:34 +01:00
x509write_crt.c Rename time and index parameter to avoid name conflict. 2017-07-28 22:28:08 +01:00
x509write_csr.c Add missing bounds check in X509 DER write funcs 2016-10-11 14:07:48 +01:00
xtea.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00