| commit | eff335d575e0949ba25b60a358f31461eab055fe | [log] [tgz] |
|---|---|---|
| author | Hanno Becker <hanno.becker@arm.com> | Fri Feb 01 16:41:30 2019 +0000 |
| committer | Janos Follath <janos.follath@arm.com> | Wed Mar 06 13:56:31 2019 +0000 |
| tree | e9df08bbda4fc3b2ec20fda87f9d84d41e3b5609 | |
| parent | 3a70ab931916fbbb17a4426962851f46beb1306f [diff] |
Fix 1-byte buffer overflow in mbedtls_mpi_write_string() This can only occur for negative numbers. Fixes #2404.
diff --git a/library/bignum.c b/library/bignum.c index f6e50b9..54ab7e3 100644 --- a/library/bignum.c +++ b/library/bignum.c
@@ -572,7 +572,10 @@ mbedtls_mpi_init( &T ); if( X->s == -1 ) + { *p++ = '-'; + buflen--; + } if( radix == 16 ) {