Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-22 05:46:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Check invalid nc_off

Browse source 
Uninitialized nc_off value >0xf passed by the caller can cause array out-of-bound.
This commit is contained in:
Mohammad Azim Khan 2017-11-23 17:49:05 +00:00 committed by Azim Khan
parent 4ca9a45756
commit 3f7f8170d6
2 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
include/mbedtls/aes.h
View file

@ -49,6 +49,7 @@
/* Error codes in range 0x0020-0x0022 */ /* Error codes in range 0x0020-0x0022 */
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0024 /**< Invalid input data. */
/* Error codes in range 0x0023-0x0025 */ /* Error codes in range 0x0023-0x0025 */
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */

3
library/aes.c
View file

@ -1082,6 +1082,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
int c, i; int c, i;
size_t n = *nc_off; size_t n = *nc_off;
if ( n > 0x0F )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
while( length-- ) while( length-- )
{ {
if( n == 0 ) { if( n == 0 ) {