TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ab23cd1eae1afe30f11c06cf26034a0c0ee3f006^! / .
commitab23cd1eae1afe30f11c06cf26034a0c0ee3f006[log] [tgz]
authorJanos Follath <janos.follath@arm.com>Thu May 09 13:53:57 2019 +0100
committerJanos Follath <janos.follath@arm.com>Thu May 09 15:05:30 2019 +0100
tree0851c6c7752b6dfad1e9cc7e348edd9250365d36
parent11b41eb12beffb486f22e6fc34d7b0eed0b0026b [diff]
Remove unneeded checks from x509_get_other_name

Lengths are aleady checked in mbedtls_asn1_get_len() which is called in
mbedtls_asn1_get_tag(), therefore it is not necessary to check
the lengths explicitly afterwards.

Also with the previous flow data was left in the output buffer on some
errors.

diff --git a/library/x509_crt.c b/library/x509_crt.c
index f17c8b2..cfd3b9d 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c

@@ -1584,7 +1584,7 @@
 static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
                                 mbedtls_x509_san_other_name *other_name )
 {
-    int ret;
+    int ret = 0;
     size_t len;
     unsigned char *p = subject_alt_name->p;
     const unsigned char *end = p + subject_alt_name->len;
@@ -1616,12 +1616,6 @@
         return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
     }
 
-    if( p + len >= end )
-    {
-        mbedtls_platform_zeroize( other_name, sizeof( other_name ) );
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
     p += len;
     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
@@ -1638,30 +1632,31 @@
     other_name->value.hardware_module_name.oid.p = p;
     other_name->value.hardware_module_name.oid.len = len;
 
-    if( p + len >= end )
-    {
-        mbedtls_platform_zeroize( other_name, sizeof( other_name ) );
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
     p += len;
     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
                                       MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+        goto cleanup;
 
     other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING;
     other_name->value.hardware_module_name.val.p = p;
     other_name->value.hardware_module_name.val.len = len;
     other_name->value.hardware_module_name.next = NULL;
     other_name->value.hardware_module_name.next_merged = 0;
+
     p += len;
     if( p != end )
     {
-        mbedtls_platform_zeroize( other_name,
-                                  sizeof( other_name ) );
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+        ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
     }
+
+cleanup:
+
+    if( ret != 0 )
+    {
+        memset( other_name, 0, sizeof( *other_name ) );
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+    }
+
     return( 0 );
 }