From 073a070590104cc7148d03b4d1969632f57cc5f9 Mon Sep 17 00:00:00 2001
From: Sanne Wouda <sanne.wouda@arm.com>
Date: Mon, 21 Aug 2017 15:58:12 +0100
Subject: [PATCH] Add end-of-buffer check to prevent heap-buffer-overflow

Dereference of *p should not happen when it points past the end of the
buffer.

Internal reference: IOTSSL-1663
---
 library/pkparse.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/pkparse.c b/library/pkparse.c
index f0a12f983..e21470b27 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -175,6 +175,10 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
 {
     int ret;
 
+    if ( end - *p < 1 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
     /* Tag may be either OID or SEQUENCE */
     params->tag = **p;
     if( params->tag != MBEDTLS_ASN1_OID