pkcs7: check that content lengths fill whole buffer Otherwise invalid data could be accepted. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

commit: 512818b1d2173e0ea906316075a6e01fd1654fac [log] [tgz]
author: Demi Marie Obenour <demiobenour@gmail.com> Sun Nov 27 22:48:55 2022 -0500
committer: Dave Rodgman <dave.rodgman@arm.com> Fri Feb 10 12:56:10 2023 +0000
tree: fbeaf576a90c25320142f838bd46b3efb0d2c8d2
parent: a22749e7496ff9211d8c201fe7633cbd291261d3 [diff] [blame]
diff --git a/library/pkcs7.c b/library/pkcs7.c
index 4fdbe36..ec5d569 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c

@@ -58,6 +58,9 @@
                                | MBEDTLS_ASN1_CONTEXT_SPECIFIC);
     if (ret != 0) {
         ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);
+    } else if ((size_t) (end - *p) != *len) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT,
+                                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
 
     return ret;
commit	512818b1d2173e0ea906316075a6e01fd1654fac	[log] [tgz]
author	Demi Marie Obenour <demiobenour@gmail.com>	Sun Nov 27 22:48:55 2022 -0500
committer	Dave Rodgman <dave.rodgman@arm.com>	Fri Feb 10 12:56:10 2023 +0000
tree	fbeaf576a90c25320142f838bd46b3efb0d2c8d2
parent	a22749e7496ff9211d8c201fe7633cbd291261d3 [diff] [blame]