Add end-of-buffer check to prevent heap-buffer-overflow Dereference of *p should not happen when it points past the end of the buffer. Internal reference: IOTSSL-1663

commit: b2b29d52592b1c632f0b4b79f7c11c74f0798459 [log] [tgz]
author: Sanne Wouda <sanne.wouda@arm.com> Mon Aug 21 15:58:12 2017 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Tue Mar 06 23:28:46 2018 +0100
tree: ab754ea6505f52b38a838dbe3e6706ea26a6ee60
parent: 32605dc83042d737e715a685e53176388d73540e [diff] [blame]
diff --git a/library/pkparse.c b/library/pkparse.c
index b4def4f..89a0c5d 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c

@@ -181,6 +181,9 @@
 {
     int ret;
 
+    if ( end - *p < 1 )
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+
     /* Tag may be either OID or SEQUENCE */
     params->tag = **p;
     if( params->tag != MBEDTLS_ASN1_OID
commit	b2b29d52592b1c632f0b4b79f7c11c74f0798459	[log] [tgz]
author	Sanne Wouda <sanne.wouda@arm.com>	Mon Aug 21 15:58:12 2017 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Mar 06 23:28:46 2018 +0100
tree	ab754ea6505f52b38a838dbe3e6706ea26a6ee60
parent	32605dc83042d737e715a685e53176388d73540e [diff] [blame]