Fix buffer overflow in mbedtls_mpi_write_string() Fix a buffer overflow when writting a string representation of an MPI number to a buffer in hexadecimal. The problem occurs because hex digits are written in pairs and this is not accounted for in the calculation of the required buffer size when the number of digits is odd.

commit: d1cc7f6f346a4401dfc05ea8a8575259d7f271bc [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Fri Jan 06 13:17:35 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Thu Mar 02 21:34:21 2017 +0000
tree: c4e79a11e596fa74ed0aa2bf03af4529d507f088
parent: 99acfc45213f60957236c2db7671311f033b49c8 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index e22fdee..0407b6a 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -56,6 +56,9 @@
      generated in Visual Studio 2015. Reported by Steve Valliere. #742
    * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C.
      Raised and fix suggested by Alan Gillingham in the mbed TLS forum. #771
+   * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI
+     number to write in hexadecimal is negative and requires an odd number of
+     digits. Found and fixed by Guido Vranken.
 
 = mbed TLS 2.4.1 branch released 2016-12-13
commit	d1cc7f6f346a4401dfc05ea8a8575259d7f271bc	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Fri Jan 06 13:17:35 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Thu Mar 02 21:34:21 2017 +0000
tree	c4e79a11e596fa74ed0aa2bf03af4529d507f088
parent	99acfc45213f60957236c2db7671311f033b49c8 [diff] [blame]