From ace04a6dc3dd079935163ce4d566ef960fd3d1d9 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 20 Feb 2019 09:35:34 +0000
Subject: [PATCH] Move bounds check into ASN.1 parsing function
`x509_get_attr_type_value()` checks for the presence of a tag byte and reads and stores it before calling `mbedtls_asn1_get_tag()` which fails if either the tag byte is not present or not as expected. Therefore, the manual check can be removed and left to `mbedtls_asn1_get_tag()`, and the tag can be hardcoded after the call succeeded. This saves a few bytes of code.
---
 library/x509.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/library/x509.c b/library/x509.c
index 858dd904e..2e7bd5710 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -362,17 +362,12 @@ static int x509_get_attr_type_value( unsigned char **p,
 return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
 end = *p + len;
-
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERR_X509_INVALID_NAME +
- MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
 oid = &cur->oid;
- oid->tag = **p;
 if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
 return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
+ oid->tag = MBEDTLS_ASN1_OID;
 oid->p = *p;
 *p += oid->len;
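Review bot: The `mbedtls_asn1_get_tag()` call for the OID is now the only guard against reading past `end` when the attribute SEQUENCE is empty, and nothing at the call site records that. A comment above the call, such as `/* mbedtls_asn1_get_tag() returns OUT_OF_DATA on an empty buffer and rejects any tag other than OID, so no separate length check is needed here. */`, would stop a later reader from re-adding the check or assuming it was forgotten. Separately, `oid->tag` is now assigned only after the call succeeds, so on the error path it keeps whatever value `cur` had on entry; this looks harmless if callers discard `cur` on failure, but they are not visible here. The body of `x509_get_attr_type_value()` starts and ends outside this hunk.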