From b2b29d52592b1c632f0b4b79f7c11c74f0798459 Mon Sep 17 00:00:00 2001
From: Sanne Wouda
Date: Mon, 21 Aug 2017 15:58:12 +0100
Subject: [PATCH] Add end-of-buffer check to prevent heap-buffer-overflow

Dereference of *p should not happen when it points past the end of the buffer.

Internal reference: IOTSSL-1663
---
 library/pkparse.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/pkparse.c b/library/pkparse.c
index b4def4f91..89a0c5dbf 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -181,6 +181,9 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
 {
 int ret;

+ if ( end - *p < 1 )
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+
 /* Tag may be either OID or SEQUENCE */
 params->tag = **p;
 if( params->tag != MBEDTLS_ASN1_OID
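Review bot: The new guard in pk_get_ecparams returns the bare `MBEDTLS_ERR_ASN1_OUT_OF_DATA`, which callers may not expect if the rest of this function reports ASN.1 failures combined with a PK-level code; the remainder of the body lies outside the hunk, so this needs checking there. If it does, the return should take the same form, e.g. `return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA );`. The spacing `if ( end` also differs from the `if( params->tag` two lines below it. A short comment such as `/* Need at least one byte before reading the tag at **p */` would record why the check must precede the dereference, and a regression test that feeds a truncated EC parameters buffer would keep the out-of-bounds read from coming back.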