Memory corruption through mbedtls_mpi_sub_abs #4042

guidovranken · 2021-01-15T10:54:11Z

#include <mbedtls/bignum.h>

#define CF_CHECK_EQ(expr, res) if ( (expr) != (res) ) { goto end; }

int main(void)
{
    mbedtls_mpi A, B, R;

    /* noret */ mbedtls_mpi_init(&A);
    /* noret */ mbedtls_mpi_init(&B);
    /* noret */ mbedtls_mpi_init(&R);

    CF_CHECK_EQ(mbedtls_mpi_read_string(&A, 10, "18446744073709551610"), 0);
    CF_CHECK_EQ(mbedtls_mpi_read_string(&B, 10, "700000000000000000000000000000000000000000000000000000000000000000000000000000"), 0);

    mbedtls_mpi_sub_abs(&R, &A, &B);

end:
    /* noret */ mbedtls_mpi_free(&A);
    /* noret */ mbedtls_mpi_free(&B);
    /* noret */ mbedtls_mpi_free(&R);
    return 0;
}

Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating |A| - |B| where |B| is larger than |A| and has more limbs (so the function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Fix Mbed-TLS#4042 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Add test cases for mbedtls_mpi_sub_abs() where the second operand has more limbs than the first operand (which, if the extra limbs are not all zero, implies that the function returns MBEDTLS_ERR_MPI_NEGATIVE_VALUE). This exposes a buffer overflow (reported in Mbed-TLS#4042). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating |A| - |B| where |B| is larger than |A| and has more limbs (so the function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Fix Mbed-TLS#4042 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Add test cases for mbedtls_mpi_sub_abs() where the second operand has more limbs than the first operand (which, if the extra limbs are not all zero, implies that the function returns MBEDTLS_ERR_MPI_NEGATIVE_VALUE). This exposes a buffer overflow (reported in Mbed-TLS#4042). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating |A| - |B| where |B| is larger than |A| and has more limbs (so the function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Fix Mbed-TLS#4042 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Add test cases for mbedtls_mpi_sub_abs() where the second operand has more limbs than the first operand (which, if the extra limbs are not all zero, implies that the function returns MBEDTLS_ERR_MPI_NEGATIVE_VALUE). This exposes a buffer overflow (reported in Mbed-TLS#4042). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating |A| - |B| where |B| is larger than |A| and has more limbs (so the function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Fix Mbed-TLS#4042 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

gabor-mezei-arm added bug Community component-tls labels Jan 15, 2021

daverodgman added the Product Backlog label Jan 17, 2021

gilles-peskine-arm mentioned this issue Jan 18, 2021

Remove a secret-dependent branch in Montgomery multiplication #3398

Merged

gilles-peskine-arm mentioned this issue Jan 27, 2021

Backport 2.7: Fix buffer overflow in mbedtls_mpi_sub_abs negative case #4077

Merged

gilles-peskine-arm added the fix available label Jan 27, 2021

This was referenced Feb 1, 2021

Fix buffer overflow in mbedtls_mpi_sub_abs negative case #4096

Merged

Backport 2.16: Fix buffer overflow in mbedtls_mpi_sub_abs negative case #4097

Merged

yanesca closed this as completed in #4096 Feb 2, 2021

gilles-peskine-arm mentioned this issue Feb 2, 2021

Ensure all desired patches are in the final 2.7 release #4101

Closed

2 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Memory corruption through mbedtls_mpi_sub_abs #4042

Memory corruption through mbedtls_mpi_sub_abs #4042

guidovranken commented Jan 15, 2021

Memory corruption through mbedtls_mpi_sub_abs #4042

Memory corruption through mbedtls_mpi_sub_abs #4042

Comments

guidovranken commented Jan 15, 2021