From b37f6c1b95815d39fea26b2a17e318602eefe709 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Fri, 13 Jan 2023 08:39:36 +0100
Subject: [PATCH] x509write_crt: reject serial longer than X509_RFC5280_MAX_SERIAL_LEN
Signed-off-by: Valerio Setti
---
 library/x509write_crt.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 4a65939c3..a8f4c286e 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -100,6 +100,10 @@ int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if (mbedtls_mpi_size(serial) > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
+
 if ((ret = mbedtls_mpi_copy(&ctx->serial, serial)) != 0) {
 return ret;
 }
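Review bot: The added check in mbedtls_x509write_crt_set_serial compares mbedtls_mpi_size(serial), the magnitude in bytes, with MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN, so it bounds the stored value rather than the encoded field: a serial of exactly the maximum size with its top bit set would normally need a leading zero octet as a DER INTEGER, and zero or negative values, which RFC 5280 does not permit for serial numbers, still pass. If the writer outside this hunk does not already cover those cases, consider `if (mbedtls_mpi_cmp_int(serial, 0) <= 0) { return MBEDTLS_ERR_X509_BAD_INPUT_DATA; }` ahead of the size check, plus a comment such as `/* Limit applies to the magnitude; the DER encoding may add one sign octet. */`. The diffstat shows only this file changed, so the function's public documentation probably still needs the new MBEDTLS_ERR_X509_BAD_INPUT_DATA return listed. The function's signature begins before the hunk and its body continues past it.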