Merge remote-tracking branch 'origin/pr/2405' into development

* origin/pr/2405:
  Fix ChangeLog entry ordering
  Fix typo
  Add non-regression test for buffer overflow
  Improve documentation of mbedtls_mpi_write_string()
  Adapt ChangeLog
  Fix 1-byte buffer overflow in mbedtls_mpi_write_string()
Jaeden Amero 2019-04-05 14:08:49 +01:00
commit 62ab1f9961
4 changed files with 25 additions and 9 deletions


@ -13,6 +13,8 @@ Bugfix
* Fix potential memory leak in X.509 self test. Found and fixed by * Fix potential memory leak in X.509 self test. Found and fixed by
Junhwan Park, #2106. Junhwan Park, #2106.
* Reduce stack usage of hkdf tests. Fixes #2195. * Reduce stack usage of hkdf tests. Fixes #2195.
* Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when
used with negative inputs. Found by Guido Vranken in #2404.
Changes Changes
* Server's RSA certificate in certs.c was SHA-1 signed. In the default * Server's RSA certificate in certs.c was SHA-1 signed. In the default


@ -582,15 +582,20 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
if( radix < 2 || radix > 16 ) if( radix < 2 || radix > 16 )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
n = mbedtls_mpi_bitlen( X ); n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */
if( radix >= 4 ) n >>= 1; if( radix >= 4 ) n >>= 1; /* Number of 4-adic digits necessary to present
if( radix >= 16 ) n >>= 1; * `n`. If radix > 4, this might be a strict
/* * overapproximation of the number of
* Round up the buffer length to an even value to ensure that there is * radix-adic digits needed to present `n`. */
* enough room for hexadecimal values that can be represented in an odd if( radix >= 16 ) n >>= 1; /* Number of hexadecimal digits necessary to
* number of digits. * present `n`. */
*/
n += 3 + ( ( n + 1 ) & 1 ); n += 1; /* Terminating null byte */
n += 1; /* Compensate for the divisions above, which round down `n`
* in case it's not even. */
n += 1; /* Potential '-'-sign. */
n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing,
* which always uses an even number of hex-digits. */
if( buflen < n ) if( buflen < n )
{ {
@ -602,7 +607,10 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T );
if( X->s == -1 ) if( X->s == -1 )
{
*p++ = '-'; *p++ = '-';
buflen--;
}
if( radix == 16 ) if( radix == 16 )
{ {
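Review bot: The new comments on the size computation describe each step as the count "necessary to present `n`", but `n` is the count being computed; the value being written out is `X`. I would reword them, for example `/* Number of bits necessary to present X. */`, with the same change in the 4-adic and hexadecimal comments. In the second hunk, `buflen--` cannot wrap only if the earlier `buflen < n` check has already rejected short buffers, which is presumably what the block cut off after it does. How `buflen` is used after the decrement is also outside the hunk, so a comment such as `/* sign consumed one byte; buflen is now the space left at p */` would make the intent checkable. The body of mbedtls_mpi_write_string() starts and ends outside both hunks.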


@ -25,6 +25,9 @@ mpi_read_write_string:16:"-20":10:"-32":100:0:0
Base test mpi_read_write_string #3 (Negative decimal) Base test mpi_read_write_string #3 (Negative decimal)
mpi_read_write_string:16:"-23":16:"-23":100:0:0 mpi_read_write_string:16:"-23":16:"-23":100:0:0
Base test mpi_read_write_string #4 (Buffer just fits)
mpi_read_write_string:16:"-4":4:"-10":4:0:0
Test mpi_read_write_string #1 (Invalid character) Test mpi_read_write_string #1 (Invalid character)
mpi_read_write_string:10:"a28":0:"":100:MBEDTLS_ERR_MPI_INVALID_CHARACTER:0 mpi_read_write_string:10:"a28":0:"":100:MBEDTLS_ERR_MPI_INVALID_CHARACTER:0
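Review bot: The added "Buffer just fits" case pins only the accepting side of the boundary; nothing visible in this section checks that a buffer one byte shorter is refused. A companion case with its own description line, such as `mpi_read_write_string:16:"-4":4:"-10":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL`, would make an off-by-one in either direction of the size estimate fail a test. The field order is inferred from the neighbouring cases, so it should be checked against the test function's signature.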


@ -294,6 +294,8 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X );
memset( str, '!', sizeof( str ) );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read ); TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
if( result_read == 0 ) if( result_read == 0 )
{ {
@ -301,6 +303,7 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
if( result_write == 0 ) if( result_write == 0 )
{ {
TEST_ASSERT( strcasecmp( str, input_A ) == 0 ); TEST_ASSERT( strcasecmp( str, input_A ) == 0 );
TEST_ASSERT( str[len] == '!' );
} }
} }
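Review bot: The canary check `TEST_ASSERT( str[len] == '!' );` runs only inside the `result_write == 0` branch and inspects a single byte, so a write past the caller's buffer on an error path would go unnoticed. Consider an unconditional check of the byte just past the size handed to mbedtls_mpi_write_string(), placed right after that call. If the size parameter is named `output_size`, that would be `TEST_ASSERT( str[output_size] == '!' );`, but the signature is cut off in the hunk header, so the name needs confirming. That check is valid only while the size is strictly less than `sizeof( str )`, and the declaration of `str` is not visible here either. A one-line comment on the `memset` explaining that '!' is a fill pattern for overflow detection would also help. Where `len` is assigned is outside the hunk.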