Fix 1 byte overread in mbedtls_asn1_get_int()

This commit is contained in:
Andres AG 2016-09-26 09:52:41 +01:00 committed by Simon Butcher
parent 2280e9cc48
commit 410d3dd3c7
2 changed files with 3 additions and 1 deletions

View file

@ -31,6 +31,8 @@ Bugfix
a contribution from Tobias Tangemann. #541
* Fixed cert_app sample program for debug output and for use when no root
certificates are provided.
* Fix conditional statement that would cause a 1 byte overread in
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken.
* Fixed pthread implementation to avoid unintended double initialisations
and double frees. (found by Niklas Amnebratt)
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for

View file

@ -153,7 +153,7 @@ int mbedtls_asn1_get_int( unsigned char **p,
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( ret );
if( len > sizeof( int ) || ( **p & 0x80 ) != 0 )
if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
*val = 0;