From 512818b1d2173e0ea906316075a6e01fd1654fac Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour
Date: Sun, 27 Nov 2022 22:48:55 -0500
Subject: [PATCH] pkcs7: check that content lengths fill whole buffer

Otherwise invalid data could be accepted.

Signed-off-by: Demi Marie Obenour
Signed-off-by: Dave Rodgman
---
 library/pkcs7.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/pkcs7.c b/library/pkcs7.c
index 4fdbe3628..ec5d569aa 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -58,6 +58,9 @@ static int pkcs7_get_next_content_len(unsigned char **p, unsigned char *end,
 | MBEDTLS_ASN1_CONTEXT_SPECIFIC);
 if (ret != 0) {
 ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);
+ } else if ((size_t) (end - *p) != *len) {
+ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
 }

 return ret;
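Review bot: The new `else if` branch turns `end` into an exact boundary, so content that stops short of `end` is now rejected with MBEDTLS_ERR_ASN1_LENGTH_MISMATCH, but nothing in the hunk records that contract; a later caller that passes the end of a larger buffer would fail in a non-obvious way. I would add a comment above the branch such as `/* The context-specific content must extend exactly to end; trailing bytes are rejected so unparsed data is never silently accepted. */`. The `(size_t)` cast is only safe because mbedtls_asn1_get_tag() has, on success, presumably already bounded `*len` by `end - *p`, which is worth stating in the same comment. The diffstat lists only library/pkcs7.c, so a negative test feeding trailing bytes after the element appears to be missing from this commit. The function's opening lines and closing brace are outside the hunk.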