mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2024-12-29 09:21:19 +00:00
Prevent signed integer overflow in CSR parsing
Modify the function mbedtls_x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard.
This commit is contained in:
parent
80164741e1
commit
2e3ddfac5f
@ -46,6 +46,10 @@ Bugfix
|
||||
Reported and fix suggested by guidovranken in #740
|
||||
* Fix conditional preprocessor directives in bignum.h to enable 64-bit
|
||||
compilation when using ARM Compiler 6.
|
||||
* Fix potential integer overflow in the version verification for DER
|
||||
encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
|
||||
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
||||
KNOX Security, Samsung Research America
|
||||
|
||||
Security
|
||||
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
|
||||
|
@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
csr->version++;
|
||||
|
||||
if( csr->version != 1 )
|
||||
if( csr->version != 0 )
|
||||
{
|
||||
mbedtls_x509_csr_free( csr );
|
||||
return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
|
||||
}
|
||||
|
||||
csr->version++;
|
||||
|
||||
/*
|
||||
* subject Name
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user