Check invalid nc_off
Uninitialized nc_off value >0xf passed by the caller can cause array out-of-bound.
This commit is contained in:
parent
4ca9a45756
commit
3f7f8170d6
2 changed files with 4 additions and 0 deletions
|
@ -49,6 +49,7 @@
|
|||
/* Error codes in range 0x0020-0x0022 */
|
||||
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
|
||||
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0024 /**< Invalid input data. */
|
||||
|
||||
/* Error codes in range 0x0023-0x0025 */
|
||||
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
|
||||
|
|
|
@ -1082,6 +1082,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
|||
int c, i;
|
||||
size_t n = *nc_off;
|
||||
|
||||
if ( n > 0x0F )
|
||||
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
|
||||
while( length-- )
|
||||
{
|
||||
if( n == 0 ) {
|
||||
|
|
Loading…
Reference in a new issue