Fix X.509 SAN parsing

Fixes #2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Hanno Becker 2019-09-13 12:24:56 +01:00 committed by Andrzej Kurek
parent f31c9e441b
commit ae8f8c435c


@ -1238,8 +1238,6 @@ int mbedtls_x509_get_subject_alt_name(unsigned char **p,
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len, tag_len; size_t len, tag_len;
mbedtls_asn1_buf *buf;
unsigned char tag;
mbedtls_asn1_sequence *cur = subject_alt_name; mbedtls_asn1_sequence *cur = subject_alt_name;
/* Get main sequence tag */ /* Get main sequence tag */
@ -1255,15 +1253,20 @@ int mbedtls_x509_get_subject_alt_name(unsigned char **p,
while (*p < end) { while (*p < end) {
mbedtls_x509_subject_alternative_name dummy_san_buf; mbedtls_x509_subject_alternative_name dummy_san_buf;
mbedtls_x509_buf tmp_san_buf;
memset(&dummy_san_buf, 0, sizeof(dummy_san_buf)); memset(&dummy_san_buf, 0, sizeof(dummy_san_buf));
tag = **p; tmp_san_buf.tag = **p;
(*p)++; (*p)++;
if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) { if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
} }
if ((tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != tmp_san_buf.p = *p;
tmp_san_buf.len = tag_len;
if ((tmp_san_buf.tag & MBEDTLS_ASN1_TAG_CLASS_MASK) !=
MBEDTLS_ASN1_CONTEXT_SPECIFIC) { MBEDTLS_ASN1_CONTEXT_SPECIFIC) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
@ -1272,7 +1275,7 @@ int mbedtls_x509_get_subject_alt_name(unsigned char **p,
/* /*
* Check that the SAN is structured correctly. * Check that the SAN is structured correctly.
*/ */
ret = mbedtls_x509_parse_subject_alt_name(&(cur->buf), &dummy_san_buf); ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf);
/* /*
* In case the extension is malformed, return an error, * In case the extension is malformed, return an error,
* and clear the allocated sequences. * and clear the allocated sequences.
@ -1299,11 +1302,8 @@ int mbedtls_x509_get_subject_alt_name(unsigned char **p,
cur = cur->next; cur = cur->next;
} }
buf = &(cur->buf); cur->buf = tmp_san_buf;
buf->tag = tag; *p += tmp_san_buf.len;
buf->p = *p;
buf->len = tag_len;
*p += buf->len;
} }
/* Set final sequence entry's next pointer to NULL */ /* Set final sequence entry's next pointer to NULL */
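Review bot: The advance `*p += tmp_san_buf.len;` in the last hunk is only memory-safe if `tag_len` was already bounded against `end`, which the new code relies on without saying so; the call `mbedtls_asn1_get_len(p, end, &tag_len)` in the second hunk is presumably what enforces that, but the invariant deserves a comment at the point of use, e.g. `/* tag_len is bounded by end in mbedtls_asn1_get_len(), so this skip stays inside the extension */`. The comment above the validation call could also state the reason for the temporary, since the old code validated the previous entry: `/* Validate the new SAN in tmp_san_buf before it is stored in the list */`. The enclosing function mbedtls_x509_get_subject_alt_name starts before the first hunk and continues past the last.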