commit fe60132305df0eea16f90aeb8867fe344642a1ca
author Krzysztof Stachowiak <krzysztof.stachowiak@arm.com> Thu Apr 05 16:53:35 2018 +0200
committer Krzysztof Stachowiak <krzysztof.stachowiak@arm.com> Thu Apr 05 16:53:35 2018 +0200
tree 0fe37d0ba14928f429487963a5ce3750577c6d7e
parent 80aa3b8d6509be24cb67454e7a0519da20951faf

Move a buffer size test before the first relevant read

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index afff4e1..0885c8e 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -574,6 +574,9 @@
         end_ext_data = *p + len;
 
         /* Get extension ID */
+        if( ( end - *p ) < 1 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                    MBEDTLS_ERR_ASN1_OUT_OF_DATA );
         extn_oid.tag = **p;
 
         if( ( ret = mbedtls_asn1_get_tag( p, end, &extn_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
@@ -582,10 +585,6 @@
         extn_oid.p = *p;
         *p += extn_oid.len;
 
-        if( ( end - *p ) < 1 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
         /* Get optional critical */
         if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
             ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )