TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-05 20:15:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix other occurrences of same bounds check issue

Browse Source 
Security impact is the same: not triggerrable remotely except in very specific
use cases

backport of 4dc9b39
This commit is contained in:
Manuel Pégourié-Gonnard
2015-10-21 12:23:09 +02:00
parent 758f490c90
commit 8abc22dde5
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/pkwrite.c
View File

@@ -97,7 +97,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
return( ret );
}
if( *p - start < (int) len )
if( *p < start || (size_t)( *p - start ) < len )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
*p -= len;

5
library/x509_create.c
View File

@@ -265,13 +265,16 @@ int x509_write_sig( unsigned char **p, unsigned char *start,
int ret;
size_t len = 0;
if( *p - start < (int) size + 1 )
if( *p < start || (size_t)( *p - start ) < size )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
len = size;
(*p) -= len;
memcpy( *p, sig, len );
if( *p - start < 1 )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
*--(*p) = 0;
len += 1;