Fix integer overflows in buffer bound checks

Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.
2025-07-28 00:21:48 +03:00 · 2017-01-17 23:04:22 +00:00
parent 49d29337fa
commit 6a54336897
5 changed files with 16 additions and 4 deletions
--- a/library/md2.c
+++ b/library/md2.c
@ -158,7 +158,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s

    while( ilen > 0 )
    {
-        if( ctx->left + ilen > 16 )
+        if( ilen > 16 - ctx->left )
            fill = 16 - ctx->left;
        else
            fill = ilen;