lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Fix integer overflows in buffer bound checks

Browse Source 
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
This commit is contained in:
Andres Amaya Garcia
2017-01-17 23:04:22 +00:00
committed by Simon Butcher
parent 49d29337fa
commit 6a54336897
5 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
tests/suites/test_suite_ctr_drbg.function
View File

@ -39,6 +39,11 @@ void ctr_drbg_special_behaviours( )
TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) ==
MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 );
TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) ==
MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
exit:
mbedtls_ctr_drbg_free( &ctx );
}