From e40d1207ebb30dc9549e86c6be9180069a00fefa Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 1 Mar 2019 18:08:35 +0100
Subject: [PATCH] mbedtls_asn1_get_bitstring_null: fix rejection of short
 inputs

Fix improper rejection of bitstrings with length less than 2.
---
 library/asn1parse.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/library/asn1parse.c b/library/asn1parse.c
index 20e8177b6..4764ca4cb 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -230,8 +230,13 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end
     if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
         return( ret );
 
-    if( (*len)-- < 2 || *(*p)++ != 0 )
+    if( *len == 0 )
         return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+    --( *len );
+
+    if( **p != 0 )
+        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+    ++( *p );
 
     return( 0 );
 }