From c983c81a239d44b53a32f794ee77a86f7f8d9e38 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 1 Feb 2019 16:41:30 +0000
Subject: [PATCH] Fix 1-byte buffer overflow in mbedtls_mpi_write_string()

This can only occur for negative numbers. Fixes #2404.
---
 library/bignum.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/bignum.c b/library/bignum.c
index 87015af0c8..23bcca92c9 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -602,7 +602,10 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
     mbedtls_mpi_init( &T );
 
     if( X->s == -1 )
+    {
         *p++ = '-';
+        buflen--;
+    }
 
     if( radix == 16 )
     {