commit 7eb1243fb4066222783b38ae0e3f86096a2facf4
author Paul Bakker <paul.bakker@arm.com> Thu Jul 14 10:27:08 2016 +0100
committer Simon Butcher <simon.butcher@arm.com> Thu Aug 25 15:42:27 2016 +0100
tree 4cb95fadabaf7397b23363079ea07377071ecbbd
parent 97c53c28670cc849b29b09656aa8d71ddc0ab480

Add check for lengths over 65535 in mbedtls_asn1_write_len()

include/mbedtls/asn1write.h

diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index 73ff32b..4d2917e 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -40,6 +40,8 @@
  * \param start     start of the buffer (for bounds-checking)
  * \param len       the length to write
  *
+ * \note            lengths over 65535 are not supported at the moment
+ *
  * \return          the length written or a negative error code
  */
 int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len );

library/asn1write.c

diff --git a/library/asn1write.c b/library/asn1write.c
index 027c858..ef35ee4 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -41,6 +41,11 @@
 
 int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
 {
+    // We don't support lengths over 65535 for now
+    //
+    if( len > 0xFFFF )
+        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
     if( len < 0x80 )
     {
         if( *p - start < 1 )
@@ -63,8 +68,6 @@
     if( *p - start < 3 )
         return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
 
-    // We assume we never have lengths larger than 65535 bytes
-    //
     *--(*p) = len % 256;
     *--(*p) = ( len / 256 ) % 256;
     *--(*p) = 0x82;