Fix integer overflows in buffer bound checks

Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()

These overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.
diff --git a/ChangeLog b/ChangeLog index f24186b..fc240c3 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -21,6 +21,12 @@ * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.4.1 branch released 2016-12-13
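Review bot: The three added ChangeLog entries (the + lines following the mbedtls_pem_read_buffer() entry) leave out the scope stated in the commit message, namely that the overflows would mainly be exploitable on 32-bit systems; adding that qualifier to each entry would let users judge how urgently they need the fix. The entries also say "arithmetic overflow" where the commit message says "integer overflows", so settling on one term in both places would make the fix easier to find when searching the history. Only the ChangeLog hunk is visible here, so the corrected bound checks in mbedtls_md2_update(), mbedtls_cipher_update() and mbedtls_ctr_drbg_reseed() cannot be reviewed from this page.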