From af97cae27dab0de5396e341c80370d74fcb1d2e7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 1 Feb 2019 16:41:30 +0000 Subject: [PATCH] Fix 1-byte buffer overflow in mbedtls_mpi_write_string() This can only occur for negative numbers. Fixes #2404. --- library/bignum.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/bignum.c b/library/bignum.c index 47e4529befe2..467c3aa4b9a2 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -602,7 +602,10 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, mbedtls_mpi_init( &T ); if( X->s == -1 ) + { *p++ = '-'; + buflen--; + } if( radix == 16 ) {