commit 4829459c9067bf924aae9a0049a8534eaaf1f92b
author Raef Coles <raef.coles@arm.com> Mon Oct 10 16:40:00 2022 +0100
committer Raef Coles <raef.coles@arm.com> Thu Oct 13 14:29:47 2022 +0100
tree e867b81a1cb0ee0027a80c30211ae9ba523f4928
parent 7726678b230c102fd74a202f65994d025e6bf91e

Validate LMOTS sig length before parsing type

Signed-off-by: Raef Coles <raef.coles@arm.com>

library/lmots.c

diff --git a/library/lmots.c b/library/lmots.c
index 97325aa..f198718 100644
--- a/library/lmots.c
+++ b/library/lmots.c
@@ -552,6 +552,11 @@
         return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
     }
 
+    if( sig_size < MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN )
+    {
+        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    }
+
     if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
          sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 )
     {