Null pointer dereference in mbedtls_mpi_mod_exp #4641
Labels
bug
component-crypto
Crypto primitives and low-level interfaces
size-m
Estimated task size: medium (~1w)
Comments
gilles-peskine-arm
added
bug
component-crypto
gilles-peskine-arm
added a commit
to gilles-peskine-arm/mbedtls
that referenced
this issue
Jun 11, 2021
Lessons learned in Mbed-TLS#4641 Signed-off-by: Gilles Peskine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Mbed TLS 2.26.0,
mbedtls_mpi_mod_exp(X, A, E, N, _)with A having zero limbs crashes with a null pointer dereference. The code works fine when A has the value 0 but is represented with at least one limb.In Mbed TLS 2.26.0, this bug is hard to reach since most functions that construct an MPI value (including
mbedtls_mpi_lsetandmbedtls_mpi_read_xxx, as well as most arithmetic operation) result in 0 being represented with at least 1 limb. In the development branch, a side effect of a change tombedtls_mpi_read_binary{,_le}made in #4276 caused these functions to allocate 0 limbs when the input is an empty string, which made the bug reachable from TLS, where it was found by OSS-Fuzz.The text was updated successfully, but these errors were encountered: