Add end-of-buffer check to prevent heap-buffer-overflow

Dereference of *p should not happen when it points past the end of the
buffer.

Internal reference: IOTSSL-1663
This commit is contained in:
Sanne Wouda 2017-08-21 15:58:12 +01:00 committed by Gilles Peskine
parent 32605dc830
commit b2b29d5259

View file

@ -181,6 +181,9 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
{ {
int ret; int ret;
if ( end - *p < 1 )
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
/* Tag may be either OID or SEQUENCE */ /* Tag may be either OID or SEQUENCE */
params->tag = **p; params->tag = **p;
if( params->tag != MBEDTLS_ASN1_OID if( params->tag != MBEDTLS_ASN1_OID