Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
* mbedtls_md2_update() to be bypassed and cause
* mbedtls_cipher_update()
* mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
diff --git a/library/cipher.c b/library/cipher.c
index ccc0685..1523b07 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -300,9 +300,9 @@
* If there is not enough data for a full block, cache it.
*/
if( ( ctx->operation == MBEDTLS_DECRYPT &&
- ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) ||
+ ilen <= mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_ENCRYPT &&
- ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) )
+ ilen < mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) )
{
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
ilen );
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index aefddfa..646196e 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -290,7 +290,8 @@
unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
- if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+ if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ||
+ len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
diff --git a/library/md2.c b/library/md2.c
index 8976701..95cbcce 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -158,7 +158,7 @@
while( ilen > 0 )
{
- if( ctx->left + ilen > 16 )
+ if( ilen > 16 - ctx->left )
fill = 16 - ctx->left;
else
fill = ilen;