Remove unneeded checks from x509_get_other_name

Lengths are aleady checked in mbedtls_asn1_get_len() which is called in
mbedtls_asn1_get_tag(), therefore it is not necessary to check
the lengths explicitly afterwards.

Also with the previous flow data was left in the output buffer on some
errors.
This commit is contained in:
Janos Follath 2019-05-09 13:53:57 +01:00
parent 11b41eb12b
commit ab23cd1eae

View File

@ -1584,7 +1584,7 @@ cleanup:
static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
mbedtls_x509_san_other_name *other_name ) mbedtls_x509_san_other_name *other_name )
{ {
int ret; int ret = 0;
size_t len; size_t len;
unsigned char *p = subject_alt_name->p; unsigned char *p = subject_alt_name->p;
const unsigned char *end = p + subject_alt_name->len; const unsigned char *end = p + subject_alt_name->len;
@ -1616,12 +1616,6 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
} }
if( p + len >= end )
{
mbedtls_platform_zeroize( other_name, sizeof( other_name ) );
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
}
p += len; p += len;
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
@ -1638,30 +1632,31 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
other_name->value.hardware_module_name.oid.p = p; other_name->value.hardware_module_name.oid.p = p;
other_name->value.hardware_module_name.oid.len = len; other_name->value.hardware_module_name.oid.len = len;
if( p + len >= end )
{
mbedtls_platform_zeroize( other_name, sizeof( other_name ) );
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
}
p += len; p += len;
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); goto cleanup;
other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING;
other_name->value.hardware_module_name.val.p = p; other_name->value.hardware_module_name.val.p = p;
other_name->value.hardware_module_name.val.len = len; other_name->value.hardware_module_name.val.len = len;
other_name->value.hardware_module_name.next = NULL; other_name->value.hardware_module_name.next = NULL;
other_name->value.hardware_module_name.next_merged = 0; other_name->value.hardware_module_name.next_merged = 0;
p += len; p += len;
if( p != end ) if( p != end )
{ {
mbedtls_platform_zeroize( other_name, ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
sizeof( other_name ) );
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
} }
cleanup:
if( ret != 0 )
{
memset( other_name, 0, sizeof( *other_name ) );
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
}
return( 0 ); return( 0 );
} }