Merge branch 'iotssl-518-winpathlen-restricted' into development-restricted
* iotssl-518-winpathlen-restricted: Fix potential heap corruption on Windows
This commit is contained in:
commit
537e2a9b58
2 changed files with 5 additions and 2 deletions
|
@ -6,6 +6,9 @@ Security
|
|||
* Fix potential double free if mbedtls_ssl_conf_psk() is called more than
|
||||
once and some allocation fails. Cannot be forced remotely. Found by Guido
|
||||
Vranken, Intelworks.
|
||||
* Fix potential heap corruption on Windows when
|
||||
mbedtls_x509_crt_parse_path() is passed a path longer than 2GB. Cannot be
|
||||
triggered remotely. Found by Guido Vranken, Interlworks.
|
||||
* The X509 max_pathlen constraint was not enforced on intermediate
|
||||
certificates. Found by Nicholas Wilson, fix and tests provided by
|
||||
Janos Follath. #280 and #319
|
||||
|
|
|
@ -1099,7 +1099,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|||
WCHAR szDir[MAX_PATH];
|
||||
char filename[MAX_PATH];
|
||||
char *p;
|
||||
int len = (int) strlen( path );
|
||||
size_t len = strlen( path );
|
||||
|
||||
WIN32_FIND_DATAW file_data;
|
||||
HANDLE hFind;
|
||||
|
@ -1133,7 +1133,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|||
|
||||
w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
|
||||
lstrlenW( file_data.cFileName ),
|
||||
p, len - 1,
|
||||
p, (int) len - 1,
|
||||
NULL, NULL );
|
||||
if( w_ret == 0 )
|
||||
return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
|
||||
|
|
Loading…
Reference in a new issue