Merge pull request #259 from k-stachowiak/bounds-check-asn1-len
Check `len` against buffers size upper bound in PSA tests
This commit is contained in:
commit
ccde952df0
1 changed files with 5 additions and 0 deletions
|
@ -736,6 +736,11 @@ int asn1_skip_integer( unsigned char **p, const unsigned char *end,
|
|||
TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ),
|
||||
0 );
|
||||
|
||||
/* Check if the retrieved length doesn't extend the actual buffer's size.
|
||||
* It is assumed here, that end >= p, which validates casting to size_t. */
|
||||
TEST_ASSERT( len <= (size_t)( end - *p) );
|
||||
|
||||
/* Tolerate a slight departure from DER encoding:
|
||||
* - 0 may be represented by an empty string or a 1-byte string.
|
||||
* - The sign bit may be used as a value bit. */
|
||||
|
|
Loading…
Reference in a new issue