From 168f60aad94d34625ef500c3917606f21594cd64 Mon Sep 17 00:00:00 2001
From: dataibao <lqwangpa@163.com>
Date: Mon, 11 Oct 2021 16:15:09 +0800
Subject: [PATCH] modify CVE-2020-36475 and CVE-2020-36478

---
 library/bignum.c   | 4 ++++
 library/x509_crt.c | 1 +
 2 files changed, 5 insertions(+)

diff --git a/library/bignum.c b/library/bignum.c
index dfe976d64..a9d51944e 100755
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2058,6 +2058,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
     if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
+    if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS ||
+        mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS )
+        return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
     /*
      * Init temps and window size
      */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index fadd28eff..00f7ea642 100755
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1088,6 +1088,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
 
     if( crt->sig_oid.len != sig_oid2.len ||
         memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
+	sig_params1.tag != sig_params2.tag ||
         sig_params1.len != sig_params2.len ||
         ( sig_params1.len != 0 &&
           memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
-- 
Gitee