Merge branch 'IOTSSL-628-BufferOverread'

2024-11-25 06:28:56 +00:00 · 2016-03-16 22:53:11 +00:00 · 2016-03-16 22:53:11 +00:00 · 078bcdd6f6
commit 078bcdd6f6
parent 184990c1d4 bc247c9946
2 changed files with 9 additions and 2 deletions
--- a/3
+++ b/3
@ -11,6 +11,9 @@ Security
   * Fix potential integer overflow to buffer overflow in
     mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
     (not triggerable remotely in (D)TLS).
+   * Fix a potential integer underflow to buffer overread in 
+     mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
+     SSL/TLS.

 Bugfix
   * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
--- a/library/rsa.c
+++ b/library/rsa.c
@ -701,6 +701,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
    if( md_info == NULL )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );

+    hlen = mbedtls_md_get_size( md_info );
+
+    // checking for integer underflow
+    if( 2 * hlen + 2 > ilen )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
    /*
     * RSA operation
     */
@ -714,8 +720,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
    /*
     * Unmask data and generate lHash
     */
-    hlen = mbedtls_md_get_size( md_info );
-
    mbedtls_md_init( &md_ctx );
    mbedtls_md_setup( &md_ctx, md_info, 0 );