Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2026-01-04 13:45:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix buffer overflow in mbedtls_mpi_write_string()

Browse source 
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
This commit is contained in:
Andres AG 2017-01-06 13:17:35 +00:00 committed by Simon Butcher
parent 99acfc4521
commit d1cc7f6f34
3 changed files with 12 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog
View file

@ -56,6 +56,9 @@ Bugfix
generated in Visual Studio 2015. Reported by Steve Valliere. #742
* Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C.
Raised and fix suggested by Alan Gillingham in the mbed TLS forum. #771
* Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI
number to write in hexadecimal is negative and requires an odd number of
digits. Found and fixed by Guido Vranken.
= mbed TLS 2.4.1 branch released 2016-12-13