commit 3fd929765832d7ffd4bf36e18e32afbfd0b022dd
author Andrzej Kurek <andrzej.kurek@arm.com> Tue Apr 14 09:49:52 2020 -0400
committer Piotr Nowicki <piotr.nowicki@arm.com> Fri Apr 17 11:30:21 2020 +0200
tree 696815f5ecdeb9bfca73d690538a58f8d430598c
parent 21522a49aa0d1e8b76e9b4d5d289f95cd85f2782

Guard from undefined behaviour in case of an INT_MAX max_pathlen

When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 3ad53a7..7627355 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -355,6 +355,12 @@
         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 
+    /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
+     * overflow, which is an undefined behavior. */
+    if( *max_pathlen == INT_MAX )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
     (*max_pathlen)++;
 
     return( 0 );