From 9b88efc378e2968b08a5e827b9131e08eff0854b Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Fri, 13 Sep 2019 15:26:53 +0200
Subject: [PATCH] Check len against buffers size upper bound in PSA tests
---
 tests/suites/test_suite_psa_crypto.function | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 3225bef34..a70fa9e87 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -736,6 +736,11 @@ int asn1_skip_integer( unsigned char **p, const unsigned char *end,
 TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ), 0 );
+
+ /* Check if the retrieved length doesn't extend the actual buffer's size.
+ * It is assumed here, that end >= p, which validates casting to size_t. */
+ TEST_ASSERT( len <= (size_t)( end - *p) );
+
 /* Tolerate a slight departure from DER encoding:
 * - 0 may be represented by an empty string or a 1-byte string.
 * - The sign bit may be used as a value bit. */
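Review bot: The comment on the added check states its precondition as `end >= p`, but the subtraction is on `*p`, and that precondition is only assumed, never asserted. If `*p` were ever past `end`, `end - *p` would be negative and the cast to `size_t` would turn it into a very large bound, so `TEST_ASSERT( len <= (size_t)( end - *p) );` would pass without constraining `len` at all. Putting `TEST_ASSERT( *p <= end );` in front of it makes the assumption explicit; at minimum the comment should read `end >= *p` and say that it relies on the preceding `mbedtls_asn1_get_tag` call having returned 0. The body of asn1_skip_integer starts and ends outside the hunk, so how `len` is used afterwards is not visible here.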