eden-emu/mbedtls
20
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'iotssl-519-asn1write-overflows-restricted' into development-restricted

Browse source 
* iotssl-519-asn1write-overflows-restricted:
  Fix other int casts in bounds checking
  Fix other occurrences of same bounds check issue
  Fix potential buffer overflow in asn1write
This commit is contained in:
Manuel Pégourié-Gonnard 2015-11-02 11:07:30 +09:00
commit bd3639852c
5 changed files with 24 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
library/asn1write.c
View file

@ -87,7 +87,7 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
{
size_t len = 0;
if( *p - start < (int) size )
if( *p < start || (size_t)( *p - start ) < size )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
len = size;
@ -107,7 +107,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
//
len = mbedtls_mpi_size( X );
if( *p - start < (int) len )
if( *p < start || (size_t)( *p - start ) < len )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
(*p) -= len;
@ -270,7 +270,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
// Calculate byte length
//
if( *p - start < (int) size + 1 )
if( *p < start || (size_t)( *p - start ) < size + 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
len = size + 1;