c8a9177110
Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating |A| - |B| where |B| is larger than |A| and has more limbs (so the function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE).

Fix #4042

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
8 lines
423 B
Plaintext
Security
   * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
     |A| - |B| where |B| is larger than |A| and has more limbs (so the
     function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
     applications calling mbedtls_mpi_sub_abs() directly are affected:
     all calls inside the library were safe since this function is
     only called with |A| >= |B|. Reported by Guido Vranken in #4042.