cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-30 08:56:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

Check for junk after SignedData

Browse Source 
There must not be any.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This commit is contained in:
Demi Marie Obenour 2022-11-28 00:23:00 -05:00 committed by Dave Rodgman
parent aaf3c0028d
commit 4ec8355795
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
library/pkcs7.c
View File

@ -457,7 +457,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
{ {
unsigned char *p = buf; unsigned char *p = buf;
unsigned char *end = buf + buflen; unsigned char *end = buf + buflen;
unsigned char *end_set, *end_content_info; unsigned char *end_content_info;
size_t len = 0; size_t len = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg; mbedtls_md_type_t md_alg;
@ -468,16 +468,19 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);
} }
end_set = p + len; if (p + len != end) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
/* Get version of signed data */ /* Get version of signed data */
ret = pkcs7_get_version(&p, end_set, &signed_data->version); ret = pkcs7_get_version(&p, end, &signed_data->version);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
} }
/* Get digest algorithm */ /* Get digest algorithm */
ret = pkcs7_get_digest_algorithm_set(&p, end_set, ret = pkcs7_get_digest_algorithm_set(&p, end,
&signed_data->digest_alg_identifiers); &signed_data->digest_alg_identifiers);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
@ -518,7 +521,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
/* Look for certificates, there may or may not be any */ /* Look for certificates, there may or may not be any */
mbedtls_x509_crt_init(&signed_data->certs); mbedtls_x509_crt_init(&signed_data->certs);
ret = pkcs7_get_certificates(&p, end_set, &signed_data->certs); ret = pkcs7_get_certificates(&p, end, &signed_data->certs);
if (ret < 0) { if (ret < 0) {
return ret; return ret;
} }
@ -534,7 +537,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
signed_data->no_of_crls = 0; signed_data->no_of_crls = 0;
/* Get signers info */ /* Get signers info */
ret = pkcs7_get_signers_info_set(&p, end_set, &signed_data->signers); ret = pkcs7_get_signers_info_set(&p, end, &signed_data->signers);
if (ret < 0) { if (ret < 0) {
return ret; return ret;
} }
@ -553,7 +556,7 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf,
const size_t buflen) const size_t buflen)
{ {
unsigned char *p; unsigned char *p;
unsigned char *end, *end_content_info; unsigned char *end;
size_t len = 0; size_t len = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;