pkcs7: check that content lengths fill whole buffer

Otherwise invalid data could be accepted. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2025-09-30 17:09:41 -04:00 · 2022-11-27 22:48:55 -05:00 · 2022-11-27 22:48:55 -05:00 · 512818b1d2
commit 512818b1d2
parent a22749e749
1 changed files with 3 additions and 0 deletions
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@ -58,6 +58,9 @@ static int pkcs7_get_next_content_len(unsigned char **p, unsigned char *end,
                               | MBEDTLS_ASN1_CONTEXT_SPECIFIC);
    if (ret != 0) {
        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);
+    } else if ((size_t) (end - *p) != *len) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT,
+                                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
    }

    return ret;