Included tests for the overflow

commit: eddfe8f6f3ac3597ce95581c47658e7c696d4497 [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Mon Feb 08 14:52:29 2016 +0000
committer: Simon Butcher <simon.butcher@arm.com> Wed Mar 09 21:06:19 2016 +0000
tree: 93de98070ea5244f9ea9f86f284f76570a6dd443
parent: 5be92eae55396202a71a49f65a58988dcf369933 [diff] [blame]
diff --git a/library/rsa.c b/library/rsa.c
index fba68dd..3cb92f4 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -529,7 +529,8 @@
     olen = ctx->len;
     hlen = mbedtls_md_get_size( md_info );
 
-    if( olen < ilen + 2 * hlen + 2 )
+    // first comparison checks for overflow
+    if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     memset( output, 0, olen );
@@ -594,8 +595,9 @@
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     olen = ctx->len;
-
-    if( olen < ilen + 11 )
+    
+    // first comparison checks for overflow
+    if( ilen + 11 < ilen || olen < ilen + 11 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     nb_pad = olen - 3 - ilen;
commit	eddfe8f6f3ac3597ce95581c47658e7c696d4497	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Mon Feb 08 14:52:29 2016 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Wed Mar 09 21:06:19 2016 +0000
tree	93de98070ea5244f9ea9f86f284f76570a6dd443
parent	5be92eae55396202a71a49f65a58988dcf369933 [diff] [blame]