cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add end-of-buffer check to prevent heap-buffer-overflow

Browse Source 
Dereference of *p should not happen when it points past the end of the
buffer.

Internal reference: IOTSSL-1663
This commit is contained in:
Sanne Wouda 2017-08-21 15:58:12 +01:00 committed by Gilles Peskine
parent 32605dc830
commit b2b29d5259
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
library/pkparse.c
View File

@ -181,6 +181,9 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
{ {
int ret; int ret;
if ( end - *p < 1 )
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
/* Tag may be either OID or SEQUENCE */ /* Tag may be either OID or SEQUENCE */
params->tag = **p; params->tag = **p;
if( params->tag != MBEDTLS_ASN1_OID if( params->tag != MBEDTLS_ASN1_OID