pem: reject empty PEM contents Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

commit: 0f286d5453488acbc0ae2191ea80f1156eabbbb4 [log] [tgz]
author: Valerio Setti <valerio.setti@nordicsemi.no> Fri Feb 16 14:30:58 2024 +0100
committer: Valerio Setti <valerio.setti@nordicsemi.no> Fri Feb 16 14:30:58 2024 +0100
tree: 3122effa37c9d9d502819f70a669686d8d19840b
parent: d8840ec6e589b24b6c9b927a095ef11be460f843 [diff]
diff --git a/library/pem.c b/library/pem.c
index f090f49..a111970 100644
--- a/library/pem.c
+++ b/library/pem.c

@@ -244,6 +244,7 @@
 #if defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C)
 static int pem_check_pkcs_padding(unsigned char *input, size_t input_len, size_t *data_len)
 {
+    /* input_len > 0 is guaranteed by mbedtls_pem_read_buffer(). */
     size_t pad_len = input[input_len - 1];
     size_t i;
 
@@ -412,6 +413,10 @@
         return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
     }
 
+    if (len == 0) {
+        return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
+    }
+
     if ((buf = mbedtls_calloc(1, len)) == NULL) {
         return MBEDTLS_ERR_PEM_ALLOC_FAILED;
     }
commit	0f286d5453488acbc0ae2191ea80f1156eabbbb4	[log] [tgz]
author	Valerio Setti <valerio.setti@nordicsemi.no>	Fri Feb 16 14:30:58 2024 +0100
committer	Valerio Setti <valerio.setti@nordicsemi.no>	Fri Feb 16 14:30:58 2024 +0100
tree	3122effa37c9d9d502819f70a669686d8d19840b
parent	d8840ec6e589b24b6c9b927a095ef11be460f843 [diff]