Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed.

commit: 74ef65077202543b06f1d310d2db3fb69facc0d7 [log] [tgz]
author: Andres Amaya Garcia <Andres.AmayaGarcia@arm.com> Wed Jan 18 13:56:58 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Sat Feb 25 21:25:44 2017 +0000
tree: 85160e0695c42b44f08d7faffb205aa4dc57caf5
parent: 480f7e7d5e5996f2bfd9a88aa2a043edae5c0354 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 83fd5ac..6f5d24b 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -16,6 +16,12 @@
    * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
      the input string in PEM format to extract the different components. Found
      by Eyal Itkin.
+   * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could
+     cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+   * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could
+     cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+   * Fixed potential arithmetic overflow in mbedtls_md2_update() that could
+     cause buffer bound checks to be bypassed. Found by Eyal Itkin.
 
 = mbed TLS 1.3.18 branch 2016-10-17
commit	74ef65077202543b06f1d310d2db3fb69facc0d7	[log] [tgz]
author	Andres Amaya Garcia <Andres.AmayaGarcia@arm.com>	Wed Jan 18 13:56:58 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Sat Feb 25 21:25:44 2017 +0000
tree	85160e0695c42b44f08d7faffb205aa4dc57caf5
parent	480f7e7d5e5996f2bfd9a88aa2a043edae5c0354 [diff] [blame]