Add precision about exploitability in ChangeLog

Also fix some whitespace while at it.
2016-02-11 10:35:13 +01:00 · 2016-02-11 10:35:13 +01:00 · 7dc6f93db1
commit 7dc6f93db1
parent ff40a4b805
2 changed files with 2 additions and 1 deletions
--- a/1
+++ b/1
@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Security
   * Fix potential integer overflow to buffer overflow in
     mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
+     (not triggerable remotely in (D)TLS).

 Bugfix
   * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
--- a/library/rsa.c
+++ b/library/rsa.c
@ -595,7 +595,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );

    olen = ctx->len;
-    
+
    // first comparison checks for overflow
    if( ilen + 11 < ilen || olen < ilen + 11 )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );