From f7d6acd4754b732084aea5f0a94ecdc6b4156185 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 1 Mar 2019 18:06:08 +0100
Subject: [PATCH] mbedtls_asn1_get_int: allow leading zeros properly
Allow any number of leading zeros, not just based on sizeof(int).
---
 library/asn1parse.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/library/asn1parse.c b/library/asn1parse.c
index 171c340b8..20e8177b6 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -149,11 +149,18 @@ int mbedtls_asn1_get_int( unsigned char **p,
 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
 return( ret );
- if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
+ if( len == 0 || ( **p & 0x80 ) != 0 )
+ return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
+ while( len > 0 && **p == 0 )
+ {
+ ++( *p );
+ --len;
+ }
+ if( len > sizeof( int ) )
 return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
 *val = 0;
-
 while( len-- > 0 )
 {
 *val = ( *val << 8 ) | **p;
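Review bot: After the leading zeros are skipped, the `len > sizeof( int )` check still admits a value whose first significant byte has bit 7 set when `len == sizeof( int )`, because the `( **p & 0x80 )` test ran only on the byte before skipping (constructed example with a 4-byte int: content bytes `00 80 00 00 00`). The accumulation `*val = ( *val << 8 ) | **p` then shifts into the sign bit of a signed int, which is undefined behaviour and in practice would likely hand callers a negative value for a positive INTEGER taken from untrusted DER. I would add `if( len == sizeof( int ) && ( **p & 0x80 ) != 0 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );` right after the length check, with a short comment that it rejects values that do not fit in a non-negative int. The accumulation loop's body continues past the end of the hunk, and a test vector at exactly this boundary would be worth adding with the change.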