x509: trailing bytes in DER: fix bug

Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation. #377
Janos Follath 2016-02-17 14:34:12 +00:00 committed by Simon Butcher
parent 02b8d481f6
commit 16734f011b
2 changed files with 17 additions and 8 deletions


@ -7,6 +7,8 @@ Bugfix
arguments where the same (in-place doubling). Found and fixed by Janos arguments where the same (in-place doubling). Found and fixed by Janos
Follath. #309 Follath. #309
* Fix issue in Makefile that prevented building using armar. #386 * Fix issue in Makefile that prevented building using armar. #386
* Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation.
Changes Changes
* On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,


@ -680,14 +680,9 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
if( crt == NULL || buf == NULL ) if( crt == NULL || buf == NULL )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
p = mbedtls_calloc( 1, len = buflen ); // Use the original buffer until we figure out actual length
if( p == NULL ) p = (unsigned char*) buf;
return( MBEDTLS_ERR_X509_ALLOC_FAILED ); len = buflen;
memcpy( p, buf, buflen );
crt->raw.p = p;
crt->raw.len = len;
end = p + len; end = p + len;
/* /*
@ -711,6 +706,18 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
} }
crt_end = p + len; crt_end = p + len;
// Create and populate a new buffer for the raw field
crt->raw.len = crt_end - buf;
crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
if( p == NULL )
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
memcpy( p, buf, crt->raw.len );
// Direct pointers to the new buffer
p += crt->raw.len - len;
end = crt_end = p + len;
/* /*
* TBSCertificate ::= SEQUENCE { * TBSCertificate ::= SEQUENCE {
*/ */
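Review bot: In the second hunk `crt->raw.len` is written before the allocation succeeds, so on the `MBEDTLS_ERR_X509_ALLOC_FAILED` path the certificate is left with `raw.p == NULL` but a non-zero `raw.len`; the code this replaces only populated `crt->raw` after the NULL check. Unless the caller is known to reset the struct on every error, size the allocation directly, `crt->raw.p = p = mbedtls_calloc( 1, crt_end - buf );`, and move `crt->raw.len = crt_end - buf;` to just before the `memcpy` so both fields stay consistent with each other. The pointer fix-up `p += crt->raw.len - len;` is correct as far as the hunk shows, since `crt_end = p + len` and `raw.len = crt_end - buf` give `p - buf` exactly, but a one-line comment saying so (`// p - buf == raw.len - len: re-base p into the copy`) would save the next reader the derivation. A smaller point in the first hunk: `p = (unsigned char*) buf;` discards the const of `buf`, which is presumably needed because the ASN.1 getters take `unsigned char **`; a comment stating that nothing writes through `p` until the copy is made would document that assumption. x509_crt_parse_der_core begins before the first hunk and continues past the last line shown.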