From fd37982a19a4a2911912ce321b9468993a0919ad Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demiobenour@gmail.com>
Date: Thu, 8 Dec 2022 15:23:56 -0500
Subject: fix(auth): forbid junk after extensions
The extensions must use all remaining bytes in the TBSCertificate.
Change-Id: Idf48f7168e146d050ba62dbc732638946fcd6c92
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
drivers/auth/mbedtls/mbedtls_x509_parser.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c
index 49bc008ed1..8c78003bb2 100644
--- a/drivers/auth/mbedtls/mbedtls_x509_parser.c
+++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c
@@ -304,24 +304,26 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* extensions [3] EXPLICIT Extensions OPTIONAL
+ * -- must use all remaining bytes in TBSCertificate
*/
ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC |
MBEDTLS_ASN1_CONSTRUCTED | 3);
- if (ret != 0) {
+ if ((ret != 0) || (len != (size_t)(end - p))) {
return IMG_PARSER_ERR_FORMAT;
}
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+ * -- must use all remaining bytes in TBSCertificate
*/
v3_ext.p = p;
ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
- if (ret != 0) {
+ if ((ret != 0) || (len != (size_t)(end - p))) {
return IMG_PARSER_ERR_FORMAT;
}
- v3_ext.len = (p + len) - v3_ext.p;
+ v3_ext.len = end - v3_ext.p;
/*
* Check extensions integrity
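Review bot: The `SIZE (1..MAX)` constraint quoted in the comment above the SEQUENCE tag is still not enforced by the new guard: an empty Extensions SEQUENCE (`len == 0` once `p == end`) satisfies `len == (size_t)(end - p)` and falls through to `v3_ext.len = end - v3_ext.p` with a zero-length body. If the integrity loop that follows does not reject that case, the second guard should read `if ((ret != 0) || (len == 0) || (len != (size_t)(end - p))) {`. Since mbedtls_asn1_get_tag already fails when `len` exceeds `end - p`, the added comparisons can only ever catch trailing bytes, which the duplicated comment could state explicitly: `-- must use all remaining bytes in TBSCertificate; trailing data is rejected`. cert_parse and its integrity loop continue outside the hunk.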
--