Fix 1-byte buffer overflow in mbedtls_mpi_write_string() This can only occur for negative numbers. Fixes #2404.

commit: c983c81a239d44b53a32f794ee77a86f7f8d9e38 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Fri Feb 01 16:41:30 2019 +0000
committer: Hanno Becker <hanno.becker@arm.com> Fri Feb 01 16:41:30 2019 +0000
tree: 967335635f5212b313c9ba0a1913b1a95798a163
parent: f352f75f6bd5734c8f671323dd6ab32472d5da34 [diff] [blame]
diff --git a/library/bignum.c b/library/bignum.c
index 87015af..23bcca9 100644
--- a/library/bignum.c
+++ b/library/bignum.c

@@ -602,7 +602,10 @@
     mbedtls_mpi_init( &T );
 
     if( X->s == -1 )
+    {
         *p++ = '-';
+        buflen--;
+    }
 
     if( radix == 16 )
     {
commit	c983c81a239d44b53a32f794ee77a86f7f8d9e38	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Fri Feb 01 16:41:30 2019 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Fri Feb 01 16:41:30 2019 +0000
tree	967335635f5212b313c9ba0a1913b1a95798a163
parent	f352f75f6bd5734c8f671323dd6ab32472d5da34 [diff] [blame]