
Buffer read out of bounds in derenc.c?  #34

@rndmcgu11

In file https://github.com/microsoft/RIoT/blob/master/Reference/RIoT/RIoTCrypt/derenc.c, line 291:

negative = Val[numLeadingZeros] >= 128;

This function is called by DerAddInteger like this:

long valx = htonl(Val); // TODO: REMOVE USAGE
int res = DERAddIntegerFromArray(Context, (uint8_t*)&valx, 4);

Suppose long is 32 bytes and the value of Val is 0; then numLeadingZeros = 4,
so Val[4] is read, but this is the 5th byte, so it is out of bounds.
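
An added example, not code from the issue or from the RIoT repository: a stand-alone DER INTEGER encoder whose leading-zero scan stops one byte short of the end, so the sign test described above never indexes past the buffer when the input is all zeros. The name `der_encode_uint`, its signature and the sample input are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not RIoT's DERAddIntegerFromArray).
 * Encodes a big-endian unsigned value as a DER INTEGER (tag 0x02).
 * Returns the number of bytes written to out, or 0 on error. */
size_t der_encode_uint(const uint8_t *val, size_t len, uint8_t *out, size_t cap)
{
    size_t lead = 0;

    if (val == NULL || out == NULL || len == 0)
        return 0;

    /* Stop at len - 1 so one content byte always remains. For an
     * all-zero input lead ends at len - 1, and val[lead] below is
     * the last byte of the buffer rather than one past it. */
    while (lead < len - 1 && val[lead] == 0)
        lead++;

    /* High bit set on the first kept byte: DER needs a 0x00 pad so
     * the value is not read back as negative. */
    int negative = val[lead] >= 128;
    size_t content = len - lead;
    size_t body = content + (size_t)negative;

    /* Only the short length form (one byte, < 128) is handled here. */
    if (body > 127 || cap < body + 2)
        return 0;

    size_t pos = 0;
    out[pos++] = 0x02;
    out[pos++] = (uint8_t)body;
    if (negative)
        out[pos++] = 0x00;
    memcpy(out + pos, val + lead, content);
    return pos + content;
}

int main(void)
{
    /* Constructed input: the 4-byte zero value from the report. */
    const uint8_t zero[4] = {0, 0, 0, 0};
    uint8_t out[8];
    size_t n = der_encode_uint(zero, sizeof zero, out, sizeof out);
    for (size_t i = 0; i < n; i++)
        printf("%02x ", out[i]);
    printf("\n");
    return 0;
}
```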
