Posted to commits@mynewt.apache.org by ut...@apache.org on 2019/01/17 01:01:15 UTC
[mynewt-core] branch master updated: Fix a buffer overflow on EC point load
This is an automated email from the ASF dual-hosted git repository.
utzig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-core.git
The following commit(s) were added to refs/heads/master by this push:
new 2789a11 Fix a buffer overflow on EC point load
2789a11 is described below
commit 2789a11dc644cd436af608f75c357e874f7c67ad
Author: Fabio Utzig <ut...@apache.org>
AuthorDate: Wed Jan 16 16:44:44 2019 -0800
Fix a buffer overflow on EC point load
While loading a new EC point, when it was smaller than the expected
number of bytes, a zero padding was being written beyond the end of the
buffer instead of at the initial position.
---
boot/bootutil/src/image_ec256.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c
index 3220784..020c44e 100644
--- a/boot/bootutil/src/image_ec256.c
+++ b/boot/bootutil/src/image_ec256.c
@@ -96,10 +96,10 @@ tinycrypt_read_bigint(uint8_t i[NUM_ECC_BYTES], uint8_t **cp, uint8_t *end)
return -3;
}
- if (len > NUM_ECC_BYTES) {
+ if (len >= NUM_ECC_BYTES) {
memcpy(i, *cp + len - NUM_ECC_BYTES, NUM_ECC_BYTES);
} else {
- memset(i + NUM_ECC_BYTES, 0, NUM_ECC_BYTES - len);
+ memset(i, 0, NUM_ECC_BYTES - len);
memcpy(i + NUM_ECC_BYTES - len, *cp, len);
}
*cp += len;
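Review bot: in the `len >= NUM_ECC_BYTES` branch, `memcpy(i, *cp + len - NUM_ECC_BYTES, NUM_ECC_BYTES)` silently discards the leading `len - NUM_ECC_BYTES` bytes, and nothing in the visible lines checks that those bytes are zero or bounds `len` from above. If that is not validated earlier in the function, consider returning an error when any dropped byte is non-zero, so an oversized integer is rejected rather than truncated to its low-order bytes. The `>` to `>=` change is behaviour-neutral for `len == NUM_ECC_BYTES` (the old else branch did a zero-length `memset` and a full-length copy), so the actual overflow fix is the `memset` destination moving from `i + NUM_ECC_BYTES` to `i`; a short comment stating that short values are left-padded with zeros, plus a regression test that loads a value shorter than `NUM_ECC_BYTES`, would help keep this from regressing.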