| Gilles Peskine | c8a9177 | 2021-01-27 22:30:43 +0100 | [diff] [blame] | 1 | Security |
| 2 | * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating | ||||
| 3 | |A| - |B| where |B| is larger than |A| and has more limbs (so the | ||||
| 4 | function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only | ||||
| 5 | applications calling mbedtls_mpi_sub_abs() directly are affected: | ||||
| 6 | all calls inside the library were safe since this function is | ||||
| 7 | only called with |A| >= |B|. Reported by Guido Vranken in #4042. | ||||