| commit | af97cae27dab0de5396e341c80370d74fcb1d2e7 | [log] [tgz] |
|---|---|---|
| author | Hanno Becker <hanno.becker@arm.com> | Fri Feb 01 16:41:30 2019 +0000 |
| committer | Janos Follath <janos.follath@arm.com> | Wed Mar 06 13:50:54 2019 +0000 |
| tree | 5ebf3b45cce3251d3c2075edbfbd352f30ab287d | |
| parent | cef29a2fd0249751b5723cbbeb3e14c0dfa099b2 [diff] [blame] |
Fix 1-byte buffer overflow in mbedtls_mpi_write_string() This can only occur for negative numbers. Fixes #2404.
diff --git a/library/bignum.c b/library/bignum.c index 47e4529..467c3aa 100644 --- a/library/bignum.c +++ b/library/bignum.c
@@ -602,7 +602,10 @@ mbedtls_mpi_init( &T ); if( X->s == -1 ) + { *p++ = '-'; + buflen--; + } if( radix == 16 ) {