Merge branch 'IOTSSL-628-BufferOverread'

commit: 078bcdd6f6848cc0baeb296c40d2bb537135b598 [log] [tgz]
author: Simon Butcher <simon.butcher@arm.com> Wed Mar 16 22:53:11 2016 +0000
committer: Simon Butcher <simon.butcher@arm.com> Wed Mar 16 22:53:11 2016 +0000
tree: 512a93873e65880814c122570560244fc2b08d9c
parent: 184990c1d46cb6b731579bf2550e4a08af458b7e [diff]
parent: bc247c99469028c536c051620f326374cd279414 [diff]
diff --git a/ChangeLog b/ChangeLog
index 96dfb37..fed72ba 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -11,6 +11,9 @@
    * Fix potential integer overflow to buffer overflow in
      mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
      (not triggerable remotely in (D)TLS).
+   * Fix a potential integer underflow to buffer overread in 
+     mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
+     SSL/TLS.
 
 Bugfix
    * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three

diff --git a/library/rsa.c b/library/rsa.c
index 69db220..06f96ef 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -701,6 +701,12 @@
     if( md_info == NULL )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
+    hlen = mbedtls_md_get_size( md_info );
+
+    // checking for integer underflow
+    if( 2 * hlen + 2 > ilen )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
     /*
      * RSA operation
      */
@@ -714,8 +720,6 @@
     /*
      * Unmask data and generate lHash
      */
-    hlen = mbedtls_md_get_size( md_info );
-
     mbedtls_md_init( &md_ctx );
     mbedtls_md_setup( &md_ctx, md_info, 0 );
commit	078bcdd6f6848cc0baeb296c40d2bb537135b598	[log] [tgz]
author	Simon Butcher <simon.butcher@arm.com>	Wed Mar 16 22:53:11 2016 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Wed Mar 16 22:53:11 2016 +0000
tree	512a93873e65880814c122570560244fc2b08d9c
parent	184990c1d46cb6b731579bf2550e4a08af458b7e [diff]
parent	bc247c99469028c536c051620f326374cd279414 [diff]