mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00

Fix stack buffer overflow in ECDSA signature format conversions

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine
2024-06-26 23:32:50 +02:00
parent f6275b745f
commit 4269ee6f2d
3 changed files with 16 additions and 0 deletions


@ -443,6 +443,9 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l
if (raw_len != (2 * coordinate_len)) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
if (coordinate_len > sizeof(r)) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
/* Since raw and der buffers might overlap, dump r and s before starting
* the conversion. */
@ -561,6 +564,9 @@ int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_l
if (raw_size < coordinate_size * 2) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
if (2 * coordinate_size > sizeof(raw_tmp)) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
/* Check that the provided input DER buffer has the right header. */
ret = mbedtls_asn1_get_tag(&p, der + der_len, &data_len,
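Review bot: The two added guards, `coordinate_len > sizeof(r)` in mbedtls_ecdsa_raw_to_der and `2 * coordinate_size > sizeof(raw_tmp)` in mbedtls_ecdsa_der_to_raw, have no comment saying what they protect. Both return `MBEDTLS_ERR_ASN1_BUF_TOO_SMALL`, which in der_to_raw is also what the `raw_size` check just above returns for an undersized caller buffer. Assuming the coordinate size is derived from the caller-supplied `bits` (the derivation is outside the hunks), a caller cannot tell "my output buffer is too small" from "this key size exceeds the library's internal stack buffers". I would add a comment above each guard such as `/* bits is caller-controlled; reject sizes larger than the fixed-size stack buffer before copying into it. */` and state in the functions' API documentation that an oversized `bits` is rejected with this code. Both function bodies start and end outside the hunks shown.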