Fixes OP-TEE#507 in LTC - vulnerability in der_decode_utf8_string()
Fix a vulnerability in der_decode_utf8_string as specified here:
libtom/libtomcrypt#507

Patch manually picked from:
  libtom/libtomcrypt@25c26a3

Signed-off-by: Luigi Coniglio <werew@ret2libc.com>
[Joakim Bech: Extended commit message]
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7)
Acked-by: Jerome Forissier <jerome@forissier.org>
werew authored and jbech-linaro committed Oct 8, 2019
1 parent 5ecac6e commit 7552832
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -66,7 +66,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
/* count number of bytes */
for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF);

if (z > 4 || (x + (z - 1) > inlen)) {
if (z == 1 || z > 4 || (x + (z - 1) > inlen)) {
return CRYPT_INVALID_PACKET;
}
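Review bot: the new `z == 1` test in the changed condition should carry a comment saying why that value is invalid, since the reason is not obvious from the line itself. The counting loop above sets z to the number of leading 1 bits in the first byte, so z == 1 means the byte has the form 10xxxxxx, which UTF-8 reserves for continuation bytes and never allows as the start of a character. For that value `z - 1` is 0, so the existing `x + (z - 1) > inlen` test only accounts for zero following bytes and cannot reject the input on its own. A short comment such as `/* z == 1: 10xxxxxx is a continuation byte, not a valid lead byte */` would keep the check from being dropped in a later cleanup. The commit touches a single file, so a regression test that passes a string starting with such a byte and expects CRYPT_INVALID_PACKET would also be worth adding alongside it.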
