Check invalid nc_off Uninitialized nc_off value >0xf passed by the caller can cause array out-of-bound.

commit: 3f7f8170d6ba71da9a9f624ef9da6c9edeb64b50 [log] [tgz]
author: Mohammad Azim Khan <Azim.Khan@arm.com> Thu Nov 23 17:49:05 2017 +0000
committer: Azim Khan <Azim.Khan@arm.com> Tue Apr 17 23:18:40 2018 +0100
tree: c96fadc22f4104b1bf731a739fad8c20d037718a
parent: 4ca9a457561fc774ca54898a72754bf53d60dba2 [diff] [blame]
diff --git a/library/aes.c b/library/aes.c
index da94b19..3bb8515 100644
--- a/library/aes.c
+++ b/library/aes.c

@@ -1082,6 +1082,9 @@
     int c, i;
     size_t n = *nc_off;
 
+    if ( n > 0x0F )
+        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+
     while( length-- )
     {
         if( n == 0 ) {
commit	3f7f8170d6ba71da9a9f624ef9da6c9edeb64b50	[log] [tgz]
author	Mohammad Azim Khan <Azim.Khan@arm.com>	Thu Nov 23 17:49:05 2017 +0000
committer	Azim Khan <Azim.Khan@arm.com>	Tue Apr 17 23:18:40 2018 +0100
tree	c96fadc22f4104b1bf731a739fad8c20d037718a
parent	4ca9a457561fc774ca54898a72754bf53d60dba2 [diff] [blame]