commit 98fa4c9d0c1996e5ed50c568b8b5f4dc8897ac16
author toth92g <toth92g@gmail.com> Tue Apr 27 15:41:25 2021 +0200
committer Przemek Stekiel <przemyslaw.stekiel@mobica.com> Mon Jan 02 20:27:31 2023 +0100
tree ee4d829a4a90a0fa55014fdc8dc0208c21ed87e5
parent fcdd0297b8f9f3165521956619ffa9cba05481ed

Correcting documentation issues:
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
  to avoid malfunction in case of trailing garbage

Signed-off-by: toth92g <toth92g@gmail.com>

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 5395f45..5a356af 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -624,8 +624,8 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0u;
 
-    if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
-        MBEDTLS_ASN1_OCTET_STRING)) != 0 )
+    if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+        MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
     {
         return( ret );
     }
@@ -636,6 +636,10 @@
         subject_key_id->p = *p;
         *p += len;
     }
+	
+	if( *p != end )
+		return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+			MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 
     return( 0 );
 }
@@ -655,14 +659,14 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0u;
 
-    if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
-        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0 )
+    if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
     {
         return( ret );
     }
 
-    if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
-        MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0 )
+    if ( (ret = mbedtls_asn1_get_tag( p, end, &len,
+        MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
     {
         /* KeyIdentifier is an OPTIONAL field */
     }
@@ -677,15 +681,15 @@
 
     if ( *p < end )
     {
-        if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
-            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_BOOLEAN)) != 0 )
+        if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
         {
             /* authorityCertIssuer is an OPTIONAL field */
         }
         else
         {
-            if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
-                MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_OCTET_STRING)) != 0 )
+            if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+                MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
             {
                 return( ret );
             }
@@ -693,13 +697,13 @@
             {
                 authority_key_id->raw.p = *p;
 
-                if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
-                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0 )
+                if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
                 {
                     return( ret );
                 }
 
-                if ( (ret = mbedtls_x509_get_name(p, *p + len, &authority_key_id->authorityCertIssuer)) != 0 )
+                if ( ( ret = mbedtls_x509_get_name( p, *p + len, &authority_key_id->authorityCertIssuer ) ) != 0 )
                 {
                     return( ret );
                 }
@@ -711,8 +715,8 @@
 
     if ( *p < end )
     {
-        if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
-            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER)) != 0 )
+        if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER ) ) != 0 )
         {
             /* authorityCertSerialNumber is an OPTIONAL field, but if there are still data it must be the serial number */
             return( ret );