Merge pull request #259 from k-stachowiak/bounds-check-asn1-len Check `len` against buffers size upper bound in PSA tests

commit: ccde952df01f6acd2d7159667126caeea94e8ed0 [log] [tgz]
author: Gilles Peskine <gilles.peskine@arm.com> Tue Oct 29 17:47:47 2019 +0100
committer: GitHub <noreply@github.com> Tue Oct 29 17:47:47 2019 +0100
tree: 0f697e248dc77fe96d12a24f85ac802d0c326775
parent: 0eaf49c9be548b1b34a57aa7d8e67fc30c704c04 [diff]
parent: 9b88efc378e2968b08a5e827b9131e08eff0854b [diff]
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 40e9e57..2fd70c6 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function

@@ -736,6 +736,11 @@
     TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len,
                                       MBEDTLS_ASN1_INTEGER ),
                 0 );
+
+    /* Check if the retrieved length doesn't extend the actual buffer's size.
+     * It is assumed here, that end >= p, which validates casting to size_t. */
+    TEST_ASSERT( len <= (size_t)( end - *p) );
+
     /* Tolerate a slight departure from DER encoding:
      * - 0 may be represented by an empty string or a 1-byte string.
      * - The sign bit may be used as a value bit. */
commit	ccde952df01f6acd2d7159667126caeea94e8ed0	[log] [tgz]
author	Gilles Peskine <gilles.peskine@arm.com>	Tue Oct 29 17:47:47 2019 +0100
committer	GitHub <noreply@github.com>	Tue Oct 29 17:47:47 2019 +0100
tree	0f697e248dc77fe96d12a24f85ac802d0c326775
parent	0eaf49c9be548b1b34a57aa7d8e67fc30c704c04 [diff]
parent	9b88efc378e2968b08a5e827b9131e08eff0854b [diff]