mbedtls_asn1_get_bitstring_null: fix rejection of short inputs

Fix improper rejection of bitstrings with length less than 2.
2024-10-19 07:21:22 +00:00 · 2019-03-01 18:08:35 +01:00 · 2019-03-01 18:08:35 +01:00 · e40d1207eb
parent f7d6acd475
commit e40d1207eb
1 changed files with 6 additions and 1 deletions
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@ -230,8 +230,13 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end
    if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
        return( ret );

-    if( (*len)-- < 2 || *(*p)++ != 0 )
+    if( *len == 0 )
        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+    --( *len );
+
+    if( **p != 0 )
+        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+    ++( *p );

    return( 0 );
 }