Check invalid nc_off

Uninitialized nc_off value >0xf passed by the caller can cause array out-of-bound.
This commit is contained in:
Mohammad Azim Khan 2017-11-23 17:49:05 +00:00 committed by Azim Khan
parent 4ca9a45756
commit 3f7f8170d6
2 changed files with 4 additions and 0 deletions

View file

@ -49,6 +49,7 @@
/* Error codes in range 0x0020-0x0022 */
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0024 /**< Invalid input data. */
/* Error codes in range 0x0023-0x0025 */
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */

View file

@ -1082,6 +1082,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
int c, i;
size_t n = *nc_off;
if ( n > 0x0F )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
while( length-- )
{
if( n == 0 ) {