From 8f0985c700fcc49b1fe5de315bb99e8bb19ab4c8 Mon Sep 17 00:00:00 2001
From: dataibao <lqwangpa@163.com>
Date: Mon, 11 Oct 2021 17:37:35 +0800
Subject: [PATCH] fix:CVE-2020-36475 and CVE-2020-36478

Signed-off-by: dataibao <lqwangpa@163.com>
---
 library/bignum.c   | 4 ++++
 library/x509_crt.c | 1 +
 2 files changed, 5 insertions(+)

diff --git a/library/bignum.c b/library/bignum.c
index dfe976d..a9d5194 100755
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2058,6 +2058,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
     if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
+    if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS ||
+        mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS )
+        return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
     /*
      * Init temps and window size
      */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index fadd28e..00f7ea6 100755
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1088,6 +1088,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
 
     if( crt->sig_oid.len != sig_oid2.len ||
         memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
+	sig_params1.tag != sig_params2.tag ||
         sig_params1.len != sig_params2.len ||
         ( sig_params1.len != 0 &&
           memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
-- 
GitLab