3008dde386
In Mbed TLS 2.26.0, the bug was hard to trigger, since all methods for parsing a bignum (mbedtls_mpi_read_xxx functions) constructed an mbedtls_mpi object with at least one limb. In the development branch, after the commit "New internal function mbedtls_mpi_resize_clear", this bug could be triggered by a TLS server, by passing invalid custom Diffie-Hellman parameters with G=0 transmitted as a 0-length byte string. Since the behavior change in mbedtls_mpi_read_binary and mbedtls_mpi_read_binary_le (constructing 0 limbs instead of 1 when passed empty input) turned out to have consequences despite being in principle an internal detail, mention it in the changelog. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
7 lines
413 B
Text
7 lines
413 B
Text
Bugfix
|
|
* Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
|
|
A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
|
|
could not be triggered by code that constructed A with one of the
|
|
mbedtls_mpi_read_xxx functions (including in particular TLS code) since
|
|
those always built an mpi object with at least one limb.
|
|
Credit to OSS-Fuzz. Fixes #4641.
|