Included tests for the overflow Conflicts: library/rsa.c

commit: 742783fe85b24542a90704ccd15e5d983f6a758b [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Mon Feb 08 14:52:29 2016 +0000
committer: Simon Butcher <simon.butcher@arm.com> Wed May 18 19:58:41 2016 +0100
tree: 7638b124c0e63dd6db55ed1d391163a23d927644
parent: 21ca00243ca12f09b233dab86fd66250471c9d35 [diff] [blame]
diff --git a/library/rsa.c b/library/rsa.c
index c1fe6b8..26d69c5 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -525,7 +525,8 @@
     olen = ctx->len;
     hlen = md_get_size( md_info );
 
-    if( olen < ilen + 2 * hlen + 2 )
+    // first comparison checks for overflow
+    if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
     memset( output, 0, olen );
@@ -592,7 +593,8 @@
 
     olen = ctx->len;
 
-    if( olen < ilen + 11 )
+    // first comparison checks for overflow
+    if( ilen + 11 < ilen || olen < ilen + 11 )
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
     nb_pad = olen - 3 - ilen;
commit	742783fe85b24542a90704ccd15e5d983f6a758b	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Mon Feb 08 14:52:29 2016 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Wed May 18 19:58:41 2016 +0100
tree	7638b124c0e63dd6db55ed1d391163a23d927644
parent	21ca00243ca12f09b233dab86fd66250471c9d35 [diff] [blame]