Check for junk after SignedData
There must not be any. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
parent
aaf3c0028d
commit
4ec8355795
1 changed files with 10 additions and 7 deletions
|
@ -457,7 +457,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
|
|||
{
|
||||
unsigned char *p = buf;
|
||||
unsigned char *end = buf + buflen;
|
||||
unsigned char *end_set, *end_content_info;
|
||||
unsigned char *end_content_info;
|
||||
size_t len = 0;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_md_type_t md_alg;
|
||||
|
@ -468,16 +468,19 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
|
|||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);
|
||||
}
|
||||
|
||||
end_set = p + len;
|
||||
if (p + len != end) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT,
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||
}
|
||||
|
||||
/* Get version of signed data */
|
||||
ret = pkcs7_get_version(&p, end_set, &signed_data->version);
|
||||
ret = pkcs7_get_version(&p, end, &signed_data->version);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Get digest algorithm */
|
||||
ret = pkcs7_get_digest_algorithm_set(&p, end_set,
|
||||
ret = pkcs7_get_digest_algorithm_set(&p, end,
|
||||
&signed_data->digest_alg_identifiers);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
|
@ -518,7 +521,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
|
|||
|
||||
/* Look for certificates, there may or may not be any */
|
||||
mbedtls_x509_crt_init(&signed_data->certs);
|
||||
ret = pkcs7_get_certificates(&p, end_set, &signed_data->certs);
|
||||
ret = pkcs7_get_certificates(&p, end, &signed_data->certs);
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
}
|
||||
|
@ -534,7 +537,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
|
|||
signed_data->no_of_crls = 0;
|
||||
|
||||
/* Get signers info */
|
||||
ret = pkcs7_get_signers_info_set(&p, end_set, &signed_data->signers);
|
||||
ret = pkcs7_get_signers_info_set(&p, end, &signed_data->signers);
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
}
|
||||
|
@ -553,7 +556,7 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf,
|
|||
const size_t buflen)
|
||||
{
|
||||
unsigned char *p;
|
||||
unsigned char *end, *end_content_info;
|
||||
unsigned char *end;
|
||||
size_t len = 0;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
|
|
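Review bot: The new `if (p + len != end)` check in the second hunk of pkcs7_get_signed_data has no comment, and with only one file changed there is no regression test, so the strictness it adds could be lost in a later refactor. I would put `/* SignedData must fill the buffer exactly; reject trailing bytes */` above it. I would also add a test vector with extra bytes appended after the SignedData SEQUENCE, expecting MBEDTLS_ERR_PKCS7_INVALID_FORMAT combined with MBEDTLS_ERR_ASN1_LENGTH_MISMATCH. Passing `end` to the sub-parsers instead of `end_set` is equivalent only because of this equality check. Whether `p == end` is also enforced after pkcs7_get_signers_info_set cannot be seen here, because the function body continues outside the hunks.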