Add check for lengths over 65535 in mbedtls_asn1_write_len()

2016-07-14 10:27:08 +01:00 · 2016-07-14 10:27:08 +01:00 · 7eb1243fb4
commit 7eb1243fb4
parent 97c53c2867
2 changed files with 7 additions and 2 deletions
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@ -40,6 +40,8 @@ extern "C" {
 * \param start     start of the buffer (for bounds-checking)
 * \param len       the length to write
 *
+ * \note            lengths over 65535 are not supported at the moment
+ *
 * \return          the length written or a negative error code
 */
 int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
--- a/library/asn1write.c
+++ b/library/asn1write.c
@ -41,6 +41,11 @@

 int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
 {
+    // We don't support lengths over 65535 for now
+    //
+    if( len > 0xFFFF )
+        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
    if( len < 0x80 )
    {
        if( *p - start < 1 )
@ -63,8 +68,6 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
    if( *p - start < 3 )
        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );

-    // We assume we never have lengths larger than 65535 bytes
-    //
    *--(*p) = len % 256;
    *--(*p) = ( len / 256 ) % 256;
    *--(*p) = 0x82;