commit dbbd96652ceff314a45f23be40b3820dbd540347
author Ron Eldor <Ron.Eldor@arm.com> Wed May 15 15:46:03 2019 +0300
committer Ron Eldor <Ron.Eldor@arm.com> Wed May 15 15:46:03 2019 +0300
tree ecd86ed113120d2167c266cd8f6a2d7da37239a2
parent c8b5f3f520b97dc1580f09b2850012bda184de5d

Check that SAN is not malformed when parsing

Add a call to `mbedtls_x509_parse_subject_alt_name()` during
certificate parsing, to verify the certificate is not malformed.

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 701b014..754a65f 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -642,6 +642,9 @@
 
     while( *p < end )
     {
+        mbedtls_x509_subject_alternative_name dummy_san_buf;
+        memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) );
+
         if( ( end - *p ) < 1 )
             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                     MBEDTLS_ERR_ASN1_OUT_OF_DATA );
@@ -658,6 +661,29 @@
                     MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
         }
 
+        /*
+         * Check that the SAN are structured correct.
+         */
+        ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf );
+        /*
+         * In case the extension is malformed, return an error,
+         * and clear the allocated sequences.
+         */
+        if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
+        {
+            mbedtls_x509_sequence *seq_cur = subject_alt_name->next;
+            mbedtls_x509_sequence *seq_prv;
+            while( seq_cur != NULL )
+            {
+                seq_prv = seq_cur;
+                seq_cur = seq_cur->next;
+                mbedtls_platform_zeroize( seq_prv,
+                                          sizeof( mbedtls_x509_sequence ) );
+                mbedtls_free( seq_prv );
+            }
+            return( ret );
+        }
+
         /* Allocate and assign next pointer */
         if( cur->buf.p != NULL )
         {