mbedtls/library
Andrzej Kurek acf7f2ce93 Guard from undefined behaviour in case of an INT_MAX max_pathlen
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 11:29:20 +02:00
..
.gitignore
aes.c Zeroize local AES variables before exiting the function 2019-11-12 03:34:03 -05:00
aesni.c
arc4.c
aria.c
asn1parse.c
asn1write.c Fix ASN1 bitstring writing 2019-02-11 21:13:33 +00:00
base64.c
bignum.c Minor comment improvement 2020-02-03 16:21:31 +01:00
blowfish.c
camellia.c
ccm.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
certs.c Update certificates to expire in 2029 2019-07-10 18:35:10 +03:00
chacha20.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
chachapoly.c
cipher.c Remove redundant block_size validity check 2020-01-27 15:16:16 +01:00
cipher_wrap.c
cmac.c
CMakeLists.txt Bump version to Mbed TLS 2.16.6 2020-04-08 17:17:27 +01:00
ctr_drbg.c Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted 2020-01-15 16:59:41 +00:00
debug.c Merge remote-tracking branch 'origin/pr/1818' into mbedtls-2.16 2019-03-05 16:28:18 +00:00
des.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
dhm.c Allow DHM self test to run without MBEDTLS_PEM_PARSE_C 2019-05-30 10:58:12 +01:00
ecdh.c Fix mbedtls_ecdh_get_params with new ECDH context 2019-02-22 12:51:51 +01:00
ecdsa.c Fix incrementing pointer instead of value 2020-01-24 12:35:47 +01:00
ecjpake.c Fix handling of md failure 2019-07-08 15:44:18 +02:00
ecp.c Fix leakage of projective coordinates in ECC 2020-04-01 11:02:18 +02:00
ecp_curves.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
entropy.c
entropy_poll.c
error.c Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
gcm.c
havege.c Prevent building the HAVEGE module on platforms where it doesn't work 2019-06-17 15:12:51 +02:00
hkdf.c
hmac_drbg.c HMAC_DRBG: support set_entropy_len() before seed() 2019-10-23 18:00:03 +02:00
Makefile Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
md.c
md2.c
md4.c Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
md5.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
md_wrap.c
memory_buffer_alloc.c
net_sockets.c net_sockets: Fix typo in net_would_block() 2019-06-20 16:33:02 +01:00
nist_kw.c
oid.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
padlock.c
pem.c
pk.c
pk_wrap.c
pkcs5.c
pkcs11.c
pkcs12.c
pkparse.c Fix pkparse bug wrt MBEDTLS_RSA_ALT 2020-02-18 10:49:06 +01:00
pkwrite.c Merge remote-tracking branch 'upstream-restricted/pr/503' into mbedtls-2.16-restricted 2019-08-14 16:39:24 +02:00
platform.c
platform_util.c Check for zero length and NULL buffer pointer 2019-09-04 11:19:38 +01:00
poly1305.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
ripemd160.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
rsa.c Parse RSA parameters DP, DQ and QP from PKCS1 private keys 2020-01-29 13:09:55 -05:00
rsa_internal.c
sha1.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
sha256.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
sha512.c Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
ssl_cache.c
ssl_ciphersuites.c Reduce priority of 3DES ciphersuites 2019-03-01 10:29:13 +01:00
ssl_cli.c Parse HelloVerifyRequest: avoid buffer overread at the start 2019-11-21 14:09:49 +01:00
ssl_cookie.c
ssl_srv.c Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
ssl_ticket.c
ssl_tls.c Improve debug logging of client hard reconnect 2020-03-31 12:32:38 +02:00
threading.c
timing.c timing: Remove redundant include file 2019-06-20 16:33:02 +01:00
version.c
version_features.c Move MBEDTLS_CTR_DRBG_USE_128_BIT_KEY to the correct section 2019-10-04 11:21:25 +02:00
x509.c Correct comment on the configuration option in x509.c 2020-03-28 00:35:49 +00:00
x509_create.c
x509_crl.c Always return a high-level error code from X.509 module 2019-06-04 14:01:10 +01:00
x509_crt.c Guard from undefined behaviour in case of an INT_MAX max_pathlen 2020-04-17 11:29:20 +02:00
x509_csr.c
x509write_crt.c Change size of preallocated buffer for pk_sign() calls 2019-06-06 13:13:26 +02:00
x509write_csr.c Add missing return code check on call to mbedtls_md() 2020-01-22 18:59:37 +01:00
xtea.c