From 7eb1243fb4066222783b38ae0e3f86096a2facf4 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 14 Jul 2016 10:27:08 +0100 Subject: [PATCH] Add check for lengths over 65535 in mbedtls_asn1_write_len() --- include/mbedtls/asn1write.h | 2 ++ library/asn1write.c | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 73ff32b66..4d2917ee9 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -40,6 +40,8 @@ extern "C" { * \param start start of the buffer (for bounds-checking) * \param len the length to write * + * \note lengths over 65535 are not supported at the moment + * * \return the length written or a negative error code */ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ); diff --git a/library/asn1write.c b/library/asn1write.c index 027c858e7..ef35ee438 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -41,6 +41,11 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ) { + // We don't support lengths over 65535 for now + // + if( len > 0xFFFF ) + return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if( len < 0x80 ) { if( *p - start < 1 ) @@ -63,8 +68,6 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len if( *p - start < 3 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - // We assume we never have lengths larger than 65535 bytes - // *--(*p) = len % 256; *--(*p) = ( len / 256 ) % 256; *--(*p) = 0x82;