commit 6a3fa2159cec18939ce3523b8854566aa83deaff
author Andres AG <andres.amayagarcia@arm.com> Mon Sep 19 16:58:45 2016 +0100
committer Simon Butcher <simon.butcher@arm.com> Thu Oct 13 15:23:35 2016 +0100
tree 0c92cec70e95234ca6d605a0f0339ff4cca79745
parent 759b5a128628ae0cb29bbdd6b25ce048ce345f12

Fix sig->tag update in mbedtls_x509_get_sig()

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index d28d2c7..97cdfc3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,9 @@
    * Fix documentation and implementation missmatch for function arguments of
      mbedtls_gcm_finish(). Found by cmiatpaar. #602
    * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
+   * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf
+     data structure until after error checks are successful. Found by
+     subramanyam-c.
 
 = mbed TLS 2.1.5 branch released 2016-06-28
 

library/x509.c

diff --git a/library/x509.c b/library/x509.c
index ffc3d6c..8696a7e 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -554,16 +554,18 @@
 {
     int ret;
     size_t len;
+    int tag_type;
 
     if( ( end - *p ) < 1 )
         return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 
-    sig->tag = **p;
+    tag_type = **p;
 
     if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
         return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
 
+    sig->tag = tag_type;
     sig->len = len;
     sig->p = *p;