Fix invalid memory read in x509_get_sig()

commit: 0c2fa144bc93c2f390dbb7f220e6d262b5b9d621 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Apr 23 10:52:49 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Apr 23 10:55:05 2015 +0200
tree: c6e02e4df50b4ed9c2f9c2039a26d19a26e6816e
parent: cd7d24d4643a6187d6e87d3923805de65804e227 [diff] [blame]
diff --git a/library/x509parse.c b/library/x509parse.c
index 3040621..c98145b 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c

@@ -519,8 +519,7 @@
     if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
         return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + ret );
 
-
-    if( --len < 1 || *(*p)++ != 0 )
+    if( len-- < 2 || *(*p)++ != 0 )
         return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE );
 
     sig->len = len;
commit	0c2fa144bc93c2f390dbb7f220e6d262b5b9d621	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu Apr 23 10:52:49 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu Apr 23 10:55:05 2015 +0200
tree	c6e02e4df50b4ed9c2f9c2039a26d19a26e6816e
parent	cd7d24d4643a6187d6e87d3923805de65804e227 [diff] [blame]