Fix other occurrences of same bounds check issue Security impact is the same: not triggerrable remotely except in very specific use cases

commit: 4dc9b394d397e331f5c14f7e053aafaccc771321 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Wed Oct 21 12:23:09 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Wed Oct 21 12:50:45 2015 +0200
tree: c63e4e0c31b7efa5b4144c29af3b7c2f7f1b3a29
parent: 22c3b7b9dae1f5756635923d26f3df7f15e1d337 [diff] [blame]
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 0a16eac..83b798c 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c

@@ -96,7 +96,7 @@
         return( ret );
     }
 
-    if( *p - start < (int) len )
+    if( *p < start || (size_t)( *p - start ) < len )
         return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
 
     *p -= len;
commit	4dc9b394d397e331f5c14f7e053aafaccc771321	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Wed Oct 21 12:23:09 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Wed Oct 21 12:50:45 2015 +0200
tree	c63e4e0c31b7efa5b4144c29af3b7c2f7f1b3a29
parent	22c3b7b9dae1f5756635923d26f3df7f15e1d337 [diff] [blame]