mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 19:18:08 +00:00
Fix NULL dereference in buffer-based allocator
This commit is contained in:
parent
765bb31d24
commit
547ff6618f
2 changed files with 8 additions and 1 deletions
|
@ -9,6 +9,12 @@ Features
|
||||||
* Add support for Extended Master Secret (draft-ietf-tls-session-hash)
|
* Add support for Extended Master Secret (draft-ietf-tls-session-hash)
|
||||||
* Add support for Encrypt-then-MAC (RFC 7366)
|
* Add support for Encrypt-then-MAC (RFC 7366)
|
||||||
|
|
||||||
|
Security
|
||||||
|
* NULL pointer dereference in the buffer-based allocator when the buffer is
|
||||||
|
full and polarssl_free() is called (found by Jean-Philippe Aumasson)
|
||||||
|
(only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
|
||||||
|
not by default).
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Stack buffer overflow if ctr_drbg_update() is called with too large
|
* Stack buffer overflow if ctr_drbg_update() is called with too large
|
||||||
add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
|
add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
|
||||||
|
|
|
@ -484,7 +484,8 @@ static void buffer_alloc_free( void *ptr )
|
||||||
if( old == NULL )
|
if( old == NULL )
|
||||||
{
|
{
|
||||||
hdr->next_free = heap.first_free;
|
hdr->next_free = heap.first_free;
|
||||||
heap.first_free->prev_free = hdr;
|
if( heap.first_free != NULL )
|
||||||
|
heap.first_free->prev_free = hdr;
|
||||||
heap.first_free = hdr;
|
heap.first_free = hdr;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue