From 4829459c9067bf924aae9a0049a8534eaaf1f92b Mon Sep 17 00:00:00 2001
From: Raef Coles <raef.coles@arm.com>
Date: Mon, 10 Oct 2022 16:40:00 +0100
Subject: [PATCH] Validate LMOTS sig length before parsing type

Signed-off-by: Raef Coles <raef.coles@arm.com>
---
 library/lmots.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/library/lmots.c b/library/lmots.c
index 97325aa8e..f19871873 100644
--- a/library/lmots.c
+++ b/library/lmots.c
@@ -552,6 +552,11 @@ int mbedtls_lmots_verify( const mbedtls_lmots_public_t *ctx,
         return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
     }
 
+    if( sig_size < MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN )
+    {
+        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    }
+
     if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
          sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 )
     {