Fix other occurrences of same bounds check issue Security impact is the same: not triggerrable remotely except in very specific use cases backport of 4dc9b39

commit: 8abc22dde5410fea5eab43544a93bda3945f275b [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Wed Oct 21 12:23:09 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Tue Oct 27 11:47:37 2015 +0100
tree: 516a437ba82873f5684036f99deeac2bce5d637b
parent: 758f490c90eedcea91a8859eef035640c9a30f5b [diff] [blame]
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 35dbd0b..bb9514e 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c

@@ -97,7 +97,7 @@
         return( ret );
     }
 
-    if( *p - start < (int) len )
+    if( *p < start || (size_t)( *p - start ) < len )
         return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
 
     *p -= len;
commit	8abc22dde5410fea5eab43544a93bda3945f275b	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Wed Oct 21 12:23:09 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Tue Oct 27 11:47:37 2015 +0100
tree	516a437ba82873f5684036f99deeac2bce5d637b
parent	758f490c90eedcea91a8859eef035640c9a30f5b [diff] [blame]