Check for junk after SignedData

There must not be any.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This commit is contained in:
Demi Marie Obenour 2022-11-28 00:23:00 -05:00 committed by Dave Rodgman
parent aaf3c0028d
commit 4ec8355795

View file

@ -457,7 +457,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
{
unsigned char *p = buf;
unsigned char *end = buf + buflen;
unsigned char *end_set, *end_content_info;
unsigned char *end_content_info;
size_t len = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg;
@ -468,16 +468,19 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);
}
end_set = p + len;
if (p + len != end) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
/* Get version of signed data */
ret = pkcs7_get_version(&p, end_set, &signed_data->version);
ret = pkcs7_get_version(&p, end, &signed_data->version);
if (ret != 0) {
return ret;
}
/* Get digest algorithm */
ret = pkcs7_get_digest_algorithm_set(&p, end_set,
ret = pkcs7_get_digest_algorithm_set(&p, end,
&signed_data->digest_alg_identifiers);
if (ret != 0) {
return ret;
@ -518,7 +521,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
/* Look for certificates, there may or may not be any */
mbedtls_x509_crt_init(&signed_data->certs);
ret = pkcs7_get_certificates(&p, end_set, &signed_data->certs);
ret = pkcs7_get_certificates(&p, end, &signed_data->certs);
if (ret < 0) {
return ret;
}
@ -534,7 +537,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
signed_data->no_of_crls = 0;
/* Get signers info */
ret = pkcs7_get_signers_info_set(&p, end_set, &signed_data->signers);
ret = pkcs7_get_signers_info_set(&p, end, &signed_data->signers);
if (ret < 0) {
return ret;
}
@ -553,7 +556,7 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf,
const size_t buflen)
{
unsigned char *p;
unsigned char *end, *end_content_info;
unsigned char *end;
size_t len = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;