From c13c0d4524dedde047bc089a139b686ea85bc822 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Thu, 15 Aug 2013 13:58:01 +0200
Subject: [PATCH] Add a length check in rsa_get_pubkey()

---
 library/x509parse.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/x509parse.c b/library/x509parse.c
index 6d7d08df7..a4ee6b548 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -518,6 +518,10 @@ static int x509_get_rsapubkey( unsigned char **p,
         ( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
         return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
 
+    if( *p != end )
+        return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
+                POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
     if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
         return( ret );