mbedtls/library
Hanno Becker 1de13dbc49 Obey bounds of ASN.1 substructures
When parsing a substructure of an ASN.1 structure, no field within
the substructure must exceed the bounds of the substructure.
Concretely, the `end` pointer passed to the ASN.1 parsing routines
must be updated to point to the end of the substructure while parsing
the latter.

This was previously not the case for the routines
- x509_get_attr_type_and_value(),
- mbedtls_x509_get_crt_ext(),
- mbedtls_x509_get_crl_ext().
These functions kept using the end of the parent structure as the
`end` pointer and would hence allow substructure fields to cross
the substructure boundary. This could lead to successful parsing
of ill-formed X.509 CRTs.

This commit fixes this.

Care has to be taken when adapting `mbedtls_x509_get_crt_ext()`
and `mbedtls_x509_get_crl_ext()`, as the underlying function
`mbedtls_x509_get_ext()` returns `0` if no extensions are present
but doesn't set the variable which holds the bounds of the Extensions
structure in case the latter is present. This commit addresses
this by returning early from `mbedtls_x509_get_crt_ext()` and
`mbedtls_x509_get_crl_ext()` if parsing has reached the end of
the input buffer.

The following X.509 parsing tests need to be adapted:
- "TBSCertificate, issuer two inner set datas"
  This test exercises the X.509 CRT parser with a Subject name
  which has two empty `AttributeTypeAndValue` structures.
  This is supposed to fail with `MBEDTLS_ERR_ASN1_OUT_OF_DATA`
  because the parser should attempt to parse the first structure
  and fail because of a lack of data. Previously, it failed to
  obey the (0-length) bounds of the first AttributeTypeAndValue
  structure and would try to interpret the beginning of the second
  AttributeTypeAndValue structure as the first field of the first
  AttributeTypeAndValue structure, returning an UNEXPECTED_TAG error.
- "TBSCertificate, issuer, no full following string"
  This test exercises the parser's behaviour on an AttributeTypeAndValue
  structure which contains more data than expected; it should therefore
  fail with MBEDTLS_ERR_ASN1_LENGTH_MISMATCH. Because of the missing bounds
  check, it previously failed with UNEXPECTED_TAG because it interpreted
  the remaining byte in the first AttributeTypeAndValue structure as the
  first byte in the second AttributeTypeAndValue structure.
- "SubjectAltName repeated"
  This test should exercise two SubjectAltNames extensions in succession,
  but a wrong length values makes the second SubjectAltNames extension appear
  outside of the Extensions structure. With the new bounds in place, this
  therefore fails with a LENGTH_MISMATCH error. This commit adapts the test
  data to put the 2nd SubjectAltNames extension inside the Extensions
  structure, too.
2019-06-04 14:03:27 +01:00
..
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
aes.c Add missing MBEDTLS_DEPRECATED_REMOVED guards 2018-02-21 19:16:20 +01:00
aesni.c Fix build errors on x32 by using the generic 'add' instruction 2016-05-23 14:29:28 +01:00
arc4.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
asn1parse.c Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 13:54:14 +01:00
asn1write.c Fix ASN1 bitstring writing 2019-02-11 21:10:48 +00:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-15 23:31:07 +02:00
bignum.c Fix typo 2019-03-06 14:00:44 +00:00
blowfish.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
camellia.c Address user reported coverity issues. 2016-06-07 14:52:35 +01:00
ccm.c enforce input and output of ccm selftest on stack 2018-07-30 11:43:08 +03:00
certs.c Use certificates from data_files and refer them 2019-02-13 16:00:07 +02:00
cipher.c Merge remote-tracking branch 'public/pr/1763' into mbedtls-2.7-proposed 2018-10-28 18:13:46 +00:00
cipher_wrap.c Fix after PR comments 2018-06-21 14:03:14 +03:00
cmac.c Merge remote-tracking branch 'public/pr/1390' into mbedtls-2.7 2018-06-27 11:11:34 +01:00
CMakeLists.txt Update library version to 2.7.10 2019-03-19 16:18:43 +00:00
ctr_drbg.c CTR_DRBG: add mbedtls_ctr_drbg_update_ret 2018-09-13 22:19:31 +02:00
debug.c Return from debugging functions if SSL context is unset 2018-08-23 14:57:39 +01:00
des.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
dhm.c Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted 2018-01-26 18:43:04 +00:00
ecdh.c Fix ecdh_get_params with mismatching group 2019-02-21 18:17:05 +01:00
ecdsa.c Return error code of underlying function. 2018-12-17 10:22:19 +02:00
ecjpake.c Fix multiple quality issues in the source 2018-06-08 11:14:43 +01:00
ecp.c typo fix 2018-10-23 07:40:13 -07:00
ecp_curves.c ECP: Add module and function level replacement options. 2017-05-11 22:42:14 +01:00
entropy.c Merge branch 'development' into development-restricted 2018-01-25 17:28:31 +00:00
entropy_poll.c Add missing bracket 2018-11-05 12:17:15 +00:00
error.c Update error.c 2018-03-30 18:52:10 +02:00
gcm.c Merge remote-tracking branch 'upstream-public/pr/964' into development 2018-01-02 16:24:29 +01:00
havege.c Fixes warnings found by Clang static analyser 2016-05-23 23:18:26 +01:00
hmac_drbg.c HMAC_DRBG: report all errors from HMAC functions 2018-09-13 22:20:58 +02:00
Makefile Merge remote-tracking branch 'upstream-public/pr/1500' into mbedtls-2.7-proposed 2018-04-01 12:41:29 +02:00
md.c Merge branch 'development' into development-restricted 2018-01-25 17:28:31 +00:00
md2.c MD: Make deprecated functions not inline 2018-02-22 08:20:42 +00:00
md4.c MD: Make deprecated functions not inline 2018-02-22 08:20:42 +00:00
md5.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
md_wrap.c New MD API: rename functions from _ext to _ret 2018-01-22 11:54:42 +01:00
memory_buffer_alloc.c Fix braces in mbedtls_memory_buffer_alloc_status() 2018-05-23 16:32:33 +01:00
net_sockets.c Merge remote-tracking branch 'public/pr/1711' into mbedtls-2.7 2018-06-14 11:01:14 +01:00
oid.c pkcs5v2: add support for additional hmacSHA algorithms 2018-02-08 17:18:15 +08:00
padlock.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.c Merge remote-tracking branch 'upstream-public/pr/778' into mbedtls-2.7-proposed 2018-03-12 23:44:56 +01:00
pk.c Change PK module preprocessor check on word size 2017-08-04 13:32:15 +01:00
pk_wrap.c Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH 2018-03-30 18:43:16 +02:00
pkcs5.c Guard mbedtls_pkcs5_pbes2() by MBEDTLS_ASN1_PARSE_C 2018-10-16 13:53:58 +01:00
pkcs11.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs12.c Make PBE-related parts of PKCS12 depend on MBEDTLS_ASN1_PARSE_C 2018-10-16 13:53:50 +01:00
pkparse.c Reinitialize PK ctx in mbedtls_pk_parse_key before reuse are free 2018-10-25 15:24:21 +01:00
pkwrite.c Adapt PK test suite to use new interface 2017-08-23 16:17:27 +01:00
platform.c Omit runtime configuration of calloc/free if macro config enabled 2018-10-11 11:10:14 +01:00
ripemd160.c MD: Make deprecated functions not inline 2018-02-22 08:20:42 +00:00
rsa.c Fix undefined behavior in unsigned-to-signed conversion 2018-10-12 19:19:12 +02:00
rsa_internal.c Add explicit type cast to avoid truncation warning 2018-01-03 09:27:40 +00:00
sha1.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
sha256.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
sha512.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
ssl_cache.c Address PR review comments 2017-10-29 17:53:52 +02:00
ssl_ciphersuites.c Reduce priority of 3DES ciphersuites 2019-02-13 09:52:46 +00:00
ssl_cli.c Add explicit unsigned-to-signed integer conversion 2018-10-10 15:50:05 +01:00
ssl_cookie.c Fix resource leak when using mutex and ssl_cookie 2017-03-02 12:26:11 +00:00
ssl_srv.c Merge remote-tracking branch 'upstream-public/pr/1814' into mbedtls-2.7 2018-08-10 11:01:29 +01:00
ssl_ticket.c Indentation fix 2018-10-26 10:08:29 +01:00
ssl_tls.c Correct length check for DTLS records from old epochs. 2019-01-30 15:07:09 +01:00
threading.c Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:13:08 +00:00
timing.c Implicit _endthread call: comment changed 2018-10-01 14:33:34 +01:00
version.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
version_features.c Reduce priority of 3DES ciphersuites 2019-02-13 09:52:46 +00:00
x509.c Obey bounds of ASN.1 substructures 2019-06-04 14:03:27 +01:00
x509_create.c Fix other occurrences of same bounds check issue 2015-10-21 12:50:45 +02:00
x509_crl.c Obey bounds of ASN.1 substructures 2019-06-04 14:03:27 +01:00
x509_crt.c Obey bounds of ASN.1 substructures 2019-06-04 14:03:27 +01:00
x509_csr.c Fix CSR parsing header call 2018-12-05 23:23:39 +00:00
x509write_crt.c Fix ASN1 bitstring writing 2019-02-11 21:10:48 +00:00
x509write_csr.c Fix ASN1 bitstring writing 2019-02-11 21:10:48 +00:00
xtea.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00