Google Git
Sign in
pigweed/third_party/github/Mbed-TLS/mbedtls-framework/2e65a54d5a2414b8fd3dc36ee1cca3ab9a36586c^!/./ChangeLog
commit
2e65a54d5a2414b8fd3dc36ee1cca3ab9a36586c
[log]
author
Andres AG <andres.amayagarcia@arm.com>
Fri Feb 17 13:54:43 2017 +0000
committer
Simon Butcher <simon.butcher@arm.com>
Thu Jul 27 15:08:01 2017 +0100
tree
e88bbec3e4ceea700059e700610062bcc5bbd749
parent
7ca4a039554670ce3011a1ef649b54a66e2cc7da [diff] [blame]
Prevent signed integer overflow in CSR parsing

Modify the function mbedtls_x509_csr_parse_der() so that it checks the
parsed CSR version integer before it increments the value. This prevents
a potential signed integer overflow, as these have undefined behaviour
in the C standard.

diff --git a/ChangeLog b/ChangeLog
index 567e988..eea6919 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -46,6 +46,10 @@
      Reported and fix suggested by guidovranken in #740
    * Fix conditional preprocessor directives in bignum.h to enable 64-bit
      compilation when using ARM Compiler 6.
+   * Fix potential integer overflow in the version verification for DER
+     encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
+     to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
+     KNOX Security, Samsung Research America
 
 Security
    * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,