Fix len miscalculation in buffer-based allocator

2026-03-13 18:12:57 +00:00 · 2014-11-27 13:57:42 +01:00
parent 547ff6618f
commit 5dd28ea432
2 changed files with 13 additions and 3 deletions
--- a/3
+++ b/3
@@ -18,6 +18,9 @@ Security
 Bugfix
   * Stack buffer overflow if ctr_drbg_update() is called with too large
     add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
+   * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
+     if memory_buffer_alloc_init() was called with buf not aligned and len not
+     a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE.

 = PolarSSL 1.3.9 released 2014-10-20
 Security