Merge branch 'mbedtls-1.3'
diff --git a/ChangeLog b/ChangeLog
index 1e1420a..446397f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,16 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS x.x.x branch xxxx-xx-xx
+= mbed TLS 1.3.x branch released xxxx-xx-xx
Bugfix
+ * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflow in mbedtls_md2_update() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
+ * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could
+ cause buffer bound checks to be bypassed. Found by Eyal Itkin.
* Fix unused variable/function compilation warnings in pem.c and x509_csr.c
that are reported when building mbed TLS with a config.h that does not
define POLARSSL_PEM_PARSE_C. Found by omnium21. #562
diff --git a/library/base64.c b/library/base64.c
index 7de87e5..ba69260 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -198,7 +198,11 @@
return( 0 );
}
- n = ( ( n * 6 ) + 7 ) >> 3;
+ /* The following expression is to calculate the following formula without
+ * risk of integer overflow in n:
+ * n = ( ( n * 6 ) + 7 ) >> 3;
+ */
+ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
n -= j;
if( dst == NULL || *dlen < n )
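Review bot: The new comment above `n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );` says which formula is being replaced but not why the split is exact, which is what a maintainer needs to verify before touching it again. Because `n & 0x7` is at most 7, the right-hand term `( 6 * ( n & 0x7 ) + 7 ) >> 3` is at most 6, and `6 * ( n >> 3 )` cannot wrap since `n >> 3` is at most one eighth of the type's maximum (assuming n is unsigned, which the surrounding code suggests but the hunk does not show). Suggest extending the comment with `* Exact because (n & 0x7) <= 7 bounds the right-hand term to 6, and 6 * (n >> 3) cannot wrap.` The enclosing function starts and ends outside the hunk, so the relation between n and j at the following `n -= j;` cannot be confirmed here.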
diff --git a/library/cipher.c b/library/cipher.c
index b69d331..7ea25cf 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -315,9 +315,9 @@
* If there is not enough data for a full block, cache it.
*/
if( ( ctx->operation == POLARSSL_DECRYPT &&
- ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
+ ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
( ctx->operation == POLARSSL_ENCRYPT &&
- ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
+ ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len ) )
{
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
ilen );
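Review bot: The rewritten conditions on the `ilen <= cipher_get_block_size( ctx ) - ctx->unprocessed_len` and `ilen < cipher_get_block_size( ctx ) - ctx->unprocessed_len` lines only remove the overflow if `ctx->unprocessed_len` never exceeds the block size; otherwise the unsigned subtraction wraps, the check passes for any ilen, and the memcpy into `ctx->unprocessed_data` that follows overruns. That invariant is presumably maintained wherever unprocessed_len is written, outside this hunk, but it has now become load-bearing for the bound check and is not stated here, whereas the ctr_drbg.c hunk in the same commit guards its subtraction with an explicit `ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT ||` test first. Suggest a comment such as `/* relies on the context invariant unprocessed_len <= block size; the subtraction would wrap otherwise */`, or an equivalent explicit guard matching the ctr_drbg.c style. The same point applies to `ilen > 16 - ctx->left` in the md2.c hunk, which relies on `ctx->left` staying at most 16. cipher_update's body starts and ends outside the hunk.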
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 24adff0..7b315e8 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -277,7 +277,8 @@
unsigned char seed[CTR_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
- if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT )
+ if( ctx->entropy_len > CTR_DRBG_MAX_SEED_INPUT ||
+ len > CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
diff --git a/library/md2.c b/library/md2.c
index 110cd95..2ac7eba 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -155,7 +155,7 @@
while( ilen > 0 )
{
- if( ctx->left + ilen > 16 )
+ if( ilen > 16 - ctx->left )
fill = 16 - ctx->left;
else
fill = ilen;