Fix null pointer dereference in the RSA module. Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt

commit: 7ddc2cdfce7322f73b97375ba67b6de7c0cb55ae [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Fri Mar 18 11:45:44 2016 +0000
committer: Simon Butcher <simon.butcher@arm.com> Tue Apr 19 10:28:24 2016 +0100
tree: 657d3dca53cef9176cbe857cbdbd077a87b396e6
parent: e9f842782bf3e3240f56e3a286e8ef1ba2146595 [diff]
diff --git a/ChangeLog b/ChangeLog
index 1581a3a..9a3b8a7 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -8,6 +8,8 @@
      Follath. #309
    * Fix issue in Makefile that prevented building using armar. #386
    * Fix issue that caused a hang up when generating RSA keys of odd bitlength
+   * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer
+     dereference possible.
 
 Changes
    * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,

diff --git a/library/rsa.c b/library/rsa.c
index d86fbc5..16114ac 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -586,7 +586,8 @@
     if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V15 )
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
-    if( f_rng == NULL )
+    // We don't check p_rng because it won't be dereferenced here
+    if( f_rng == NULL || input == NULL || output == NULL )
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
     olen = ctx->len;
commit	7ddc2cdfce7322f73b97375ba67b6de7c0cb55ae	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Fri Mar 18 11:45:44 2016 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Tue Apr 19 10:28:24 2016 +0100
tree	657d3dca53cef9176cbe857cbdbd077a87b396e6
parent	e9f842782bf3e3240f56e3a286e8ef1ba2146595 [diff]