mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-22 13:20:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add check for buffer overflow and fix style.

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-03-07 15:43:38 +01:00
parent 6cb59c55c3
commit 07c5ea348c
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
library/x509write_csr.c
View File

@ -141,14 +141,10 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct
case MBEDTLS_X509_SAN_IP_ADDRESS: case MBEDTLS_X509_SAN_IP_ADDRESS:
MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
mbedtls_asn1_write_raw_buffer(&p, buf, mbedtls_asn1_write_raw_buffer(&p, buf,
(const unsigned char *) (const unsigned char *) cur->node.san.unstructured_name.p,
cur->node.san. cur->node.san.unstructured_name.len));
unstructured_name.p,
cur->node.san.
unstructured_name.len));
MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf,
cur->node.san. cur->node.san.unstructured_name.len));
unstructured_name.len));
MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
mbedtls_asn1_write_tag(&p, buf, mbedtls_asn1_write_tag(&p, buf,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONTEXT_SPECIFIC |
@ -175,6 +171,12 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct
buf + buflen - len, buf + buflen - len,
len); len);
/* If we exceeded the allocated buffer it means that maximum size of the SubjectAltName list
* was incorrectly calculated and memory is corrupted. */
if ( p < buf ) {
ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
}
cleanup: cleanup:
mbedtls_free(buf); mbedtls_free(buf);
return ret; return ret;