Fix argument validation in asn1_write_10x

1 << bits doesn't work when bits is too large. Found by ASan.
This commit is contained in:
Gilles Peskine 2018-06-28 19:04:07 +02:00 committed by itayzafrir
parent 0c938be967
commit 480416af9d

View file

@ -46,7 +46,9 @@ static int asn1_write_10x( unsigned char **p,
{ {
int ret; int ret;
int len = bits / 8 + 1; int len = bits / 8 + 1;
if( x >= 1 << bits ) if( bits == 0 )
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
if( bits <= 8 && x >= 1 << ( bits - 1 ) )
return( MBEDTLS_ERR_ASN1_INVALID_DATA ); return( MBEDTLS_ERR_ASN1_INVALID_DATA );
if( *p < start || *p - start < (ssize_t) len ) if( *p < start || *p - start < (ssize_t) len )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );