From 1a0fe5b5c5a902fb7d3e82ea791a0c7d2d56a13f Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 11 Oct 2024 17:17:21 +0100 Subject: [PATCH] Add ChangeLog entry for buffer overflow fix Signed-off-by: David Horstmann --- ChangeLog.d/fix-pkwrite-buffer-overrun.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 ChangeLog.d/fix-pkwrite-buffer-overrun.txt diff --git a/ChangeLog.d/fix-pkwrite-buffer-overrun.txt b/ChangeLog.d/fix-pkwrite-buffer-overrun.txt new file mode 100644 index 0000000000..bbef119373 --- /dev/null +++ b/ChangeLog.d/fix-pkwrite-buffer-overrun.txt @@ -0,0 +1,10 @@ +Security + * Fix a buffer overflow in mbedtls_pk_write_pubkey(), + mbedtls_pk_write_pubkey_der(), mbedtls_pk_write_pubkey_pem(), + mbedtls_pk_write_key_der() and mbedtls_pk_write_key_pem(). + With MBEDTLS_USE_PSA_CRYPTO turned on, these functions would + write to a location before the start of the output buffer if it was less + than the size of the key being written and also less than + PK_MAX_EC_PUBLIC_KEY_SIZE (for EC public keys) and + PSA_EXPORT_KEY_PAIR_MAX_SIZE (for RSA private keys). + This buffer overflow only occurs for keys with the type MBEDTLS_PK_OPAQUE.
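Review bot: The trigger condition in the new entry joins two per-key-type limits with "and" ("PK_MAX_EC_PUBLIC_KEY_SIZE (for EC public keys) and PSA_EXPORT_KEY_PAIR_MAX_SIZE (for RSA private keys)"), which reads as though the buffer must be smaller than both at once; "or" (or "respectively") would match the parenthesised key types. The entry also calls the bug a "buffer overflow" while describing a write "before the start of the output buffer", and the file is named fix-pkwrite-buffer-overrun.txt; settle on one term, and consider wording such as "out-of-bounds write before the start of the buffer" so users triaging impact get the direction of the write right. Lastly, the MBEDTLS_PK_OPAQUE restriction appears only in the final sentence; stating it next to the MBEDTLS_USE_PSA_CRYPTO condition would let readers see both preconditions together when deciding whether they are affected.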