Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
* mbedtls_md2_update() to be bypassed and cause
* mbedtls_cipher_update()
* mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
diff --git a/ChangeLog b/ChangeLog
index f24186b..fc240c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,12 @@
* Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
the input string in PEM format to extract the different components. Found
by Eyal Itkin.
+ * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflow in mbedtls_md2_update() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
= mbed TLS 2.4.1 branch released 2016-12-13