From c983c81a239d44b53a32f794ee77a86f7f8d9e38 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 1 Feb 2019 16:41:30 +0000 Subject: [PATCH] Fix 1-byte buffer overflow in mbedtls_mpi_write_string() This can only occur for negative numbers. Fixes #2404. --- library/bignum.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/bignum.c b/library/bignum.c index 87015af0c8..23bcca92c9 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -602,7 +602,10 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, mbedtls_mpi_init( &T ); if( X->s == -1 ) + { *p++ = '-'; + buflen--; + } if( radix == 16 ) {