Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks.

commit: 4f753c1186b52b8b5b06f47d789f632b454175a5 [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Fri Feb 10 14:39:58 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Thu Jul 27 21:44:34 2017 +0100
tree: b0944626f2d265986625a49e13e791fd862af591
parent: d922c78aa4d3d60643b1aad464fe6a77c3498b2b [diff] [blame]
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 76c49f1..55d12ac 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c

@@ -352,14 +352,14 @@
         return( ret );
     }
 
-    crl->version++;
-
-    if( crl->version > 2 )
+    if( crl->version < 0 || crl->version > 1 )
     {
         mbedtls_x509_crl_free( crl );
         return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
     }
 
+    crl->version++;
+
     if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1,
                                   &crl->sig_md, &crl->sig_pk,
                                   &crl->sig_opts ) ) != 0 )
commit	4f753c1186b52b8b5b06f47d789f632b454175a5	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Fri Feb 10 14:39:58 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Thu Jul 27 21:44:34 2017 +0100
tree	b0944626f2d265986625a49e13e791fd862af591
parent	d922c78aa4d3d60643b1aad464fe6a77c3498b2b [diff] [blame]