commit 215a14bf29c5eac125ab986adefa37bb4fbc5284
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Oct 21 10:16:29 2015 +0200
committer Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Tue Oct 27 11:47:37 2015 +0100
tree 95583cd1d2459f2ab5173a9deb9fc628655da858
parent 9c521767760d2a3edba4e133e69b1910d79311c9

Fix potential heap corruption on Windows

If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.

Ref: IOTSSL-518

backport of 261faed725e29bd34abbf1f95df5fab43791f40c

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 3fb2b68..200f6bb 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -973,7 +973,7 @@
     WCHAR szDir[MAX_PATH];
     char filename[MAX_PATH];
     char *p;
-    int len = (int) strlen( path );
+    size_t len = strlen( path );
 
     WIN32_FIND_DATAW file_data;
     HANDLE hFind;
@@ -1007,7 +1007,7 @@
 
         w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
                                      lstrlenW( file_data.cFileName ),
-                                     p, len - 1,
+                                     p, (int) len - 1,
                                      NULL, NULL );
         if( w_ret == 0 )
             return( POLARSSL_ERR_X509_FILE_IO_ERROR );