Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.
This commit is contained in:
Andres Amaya Garcia
Simon Butcher
parent
49d29337fa
commit
6a54336897
5 changed files with 16 additions and 4 deletions
|
|
@ -158,7 +158,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s
|
|||
|
||||
while( ilen > 0 )
|
||||
{
|
||||
if( ctx->left + ilen > 16 )
|
||||
if( ilen > 16 - ctx->left )
|
||||
fill = 16 - ctx->left;
|
||||
else
|
||||
fill = ilen;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue