Fix bug in oid_get_numeric_string()
Overflow check was done too early, causing many false positives.
parent
444b42710a
commit
dffba8f63e
1 changed files with 5 additions and 4 deletions
|
@ -33,6 +33,7 @@
|
||||||
#include "polarssl/rsa.h"
|
#include "polarssl/rsa.h"
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
#include <limits.h>
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Macro to generate an internal function for oid_XXX_from_asn1() (used by
|
* Macro to generate an internal function for oid_XXX_from_asn1() (used by
|
||||||
|
@ -521,13 +522,13 @@ int oid_get_numeric_string( char *buf, size_t size,
|
||||||
SAFE_SNPRINTF();
|
SAFE_SNPRINTF();
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Prevent overflow in value. */
|
|
||||||
if( oid->len > sizeof(value) )
|
|
||||||
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
|
|
||||||
|
|
||||||
value = 0;
|
value = 0;
|
||||||
for( i = 1; i < oid->len; i++ )
|
for( i = 1; i < oid->len; i++ )
|
||||||
{
|
{
|
||||||
|
/* Prevent overflow in value. */
|
||||||
|
if (value > (UINT_MAX >> 7) )
|
||||||
|
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
|
||||||
|
|
||||||
value <<= 7;
|
value <<= 7;
|
||||||
value += oid->p[i] & 0x7F;
|
value += oid->p[i] & 0x7F;
|
||||||
|
|
||||||
|
|
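Review bot: The new guard `if (value > (UINT_MAX >> 7) )` in the second hunk is only correct while `value` is an `unsigned int`, and that declaration lies outside the hunk, so the bound and the type can drift apart unnoticed. The OID bytes presumably come from parsed ASN.1 input, where a wrapped sub-identifier would be printed as a different OID, so the check is worth making independent of the type, e.g. `if( ( ( value << 7 ) >> 7 ) != value )` for an unsigned `value`. Failing that, a comment such as `/* value is unsigned int: reject if the next 7-bit shift would drop high bits */` would record the dependency. Two smaller points: the spacing `if (value` departs from the `if( ... )` style of the surrounding lines, and `POLARSSL_ERR_DEBUG_BUF_TOO_SMALL` is returned for an over-large sub-identifier as well as for a short output buffer, which callers cannot tell apart. The loop body continues past the end of the hunk.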