X.509: Add length consistency checks to x509_get_other_name()

Mbed-TLS · Sep 13, 2019 · 9ab98f0 · 9ab98f0
1 parent 5824866
commit 9ab98f0
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/library/x509_crt.c b/library/x509_crt.c
@@ -1688,12 +1688,26 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
     p += len;
     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
+    {
         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+    }
+
+    if( end != p + len )
+    {
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
 
     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
                      MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
 
+    if( end != p + len )
+    {
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+
     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 )
         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );