Add check for buffer overflow and fix style. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

commit: 07c5ea348c27642976d6adc5756c621a6a981f78 [log] [tgz]
author: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Tue Mar 07 15:43:38 2023 +0100
committer: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Wed Mar 08 13:31:19 2023 +0100
tree: 5bfb3a2fc465c9a6a5f658fcabf0e6d05ef82182
parent: 6cb59c55c32fbd077dfd2db6732f116fd2484aea [diff]
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 45e9187..ca0f88c 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c

@@ -141,14 +141,10 @@
             case MBEDTLS_X509_SAN_IP_ADDRESS:
                 MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
                                              mbedtls_asn1_write_raw_buffer(&p, buf,
-                                                                           (const unsigned char *)
-                                                                           cur->node.san.
-                                                                           unstructured_name.p,
-                                                                           cur->node.san.
-                                                                           unstructured_name.len));
+                                                                           (const unsigned char *) cur->node.san.unstructured_name.p,
+                                                                           cur->node.san.unstructured_name.len));
                 MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf,
-                                                                         cur->node.san.
-                                                                         unstructured_name.len));
+                                                                         cur->node.san.unstructured_name.len));
                 MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
                                              mbedtls_asn1_write_tag(&p, buf,
                                                                     MBEDTLS_ASN1_CONTEXT_SPECIFIC |
@@ -175,6 +171,12 @@
         buf + buflen - len,
         len);
 
+    /* If we exceeded the allocated buffer it means that maximum size of the SubjectAltName list
+     * was incorrectly calculated and memory is corrupted. */
+    if ( p < buf ) {
+        ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
+
 cleanup:
     mbedtls_free(buf);
     return ret;
commit	07c5ea348c27642976d6adc5756c621a6a981f78	[log] [tgz]
author	Przemek Stekiel <przemyslaw.stekiel@mobica.com>	Tue Mar 07 15:43:38 2023 +0100
committer	Przemek Stekiel <przemyslaw.stekiel@mobica.com>	Wed Mar 08 13:31:19 2023 +0100
tree	5bfb3a2fc465c9a6a5f658fcabf0e6d05ef82182
parent	6cb59c55c32fbd077dfd2db6732f116fd2484aea [diff]