yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge of IOTSSL-476 - Random malloc in pem_read()

Browse source
This commit is contained in:
Simon Butcher 2015-10-05 00:26:36 +01:00
parent e7f96f22ee
commit a45aa1399b
3 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -16,6 +16,10 @@ Security
but might be in other uses. On 32 bit machines, requires reading a string but might be in other uses. On 32 bit machines, requires reading a string
of close to or larger than 1GB to exploit; on 64 bit machines, would require of close to or larger than 1GB to exploit; on 64 bit machines, would require
reading a string of close to or larger than 2^62 bytes. reading a string of close to or larger than 2^62 bytes.
* Fix potential random memory allocation in mbedtls_pem_read_buffer()
on crafted PEM input data. Found an fix provided by Guid Vranken.
Not triggerable remotely in TLS. Triggerable remotely if you accept PEM
data from an untrusted source.
Changes Changes
* Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure

3
library/base64.c
View file

@ -184,7 +184,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
} }
if( n == 0 ) if( n == 0 )
{
*olen = 0;
return( 0 ); return( 0 );
}
n = ( ( n * 6 ) + 7 ) >> 3; n = ( ( n * 6 ) + 7 ) >> 3;
n -= j; n -= j;

3
library/pem.c
View file

@ -316,6 +316,9 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
} }
if( s1 == s2 )
return( MBEDTLS_ERR_PEM_INVALID_DATA );
ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER ) if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )