Check invalid nc_off

Uninitialized nc_off value >0xf passed by the caller can cause array out-of-bound.
2025-07-29 11:41:15 +03:00 · 2017-11-23 17:49:05 +00:00
parent 4ca9a45756
commit 3f7f8170d6
2 changed files with 4 additions and 0 deletions
--- a/library/aes.c
+++ b/library/aes.c
@ -1082,6 +1082,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
    int c, i;
    size_t n = *nc_off;

+    if ( n > 0x0F )
+        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+
    while( length-- )
    {
        if( n == 0 ) {