commit 52af0d08b4c1a3bc254bbcf2380f1b6e04b28317
author Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com> Wed Aug 30 16:22:54 2023 +0100
committer Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com> Wed Aug 30 16:24:15 2023 +0100
tree d5fb78d78610ce78cfa94fbfe9ec32e853d40247
parent de02ee268ea0a884f4796acbcc2b6abb9a46d1cd

Fix unsafe behaviour in MBEDTLS_ASN1_IS_STRING_TAG

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>

include/mbedtls/asn1.h

diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 4eabea0..3242699 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -96,14 +96,14 @@
 
 /* Slightly smaller way to check if tag is a string tag
  * compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG(tag)                                     \
-    ((tag) < 32 && (                                                      \
-         ((1 << (tag)) & ((1 << MBEDTLS_ASN1_BMP_STRING)       |     \
-                          (1 << MBEDTLS_ASN1_UTF8_STRING)      |     \
-                          (1 << MBEDTLS_ASN1_T61_STRING)       |     \
-                          (1 << MBEDTLS_ASN1_IA5_STRING)       |     \
-                          (1 << MBEDTLS_ASN1_UNIVERSAL_STRING) |     \
-                          (1 << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0))
+#define MBEDTLS_ASN1_IS_STRING_TAG(tag)                                \
+    ((unsigned int) (tag) < 32u && (                                   \
+         ((1u << (tag)) & ((1u << MBEDTLS_ASN1_BMP_STRING)       |     \
+                           (1u << MBEDTLS_ASN1_UTF8_STRING)      |     \
+                           (1u << MBEDTLS_ASN1_T61_STRING)       |     \
+                           (1u << MBEDTLS_ASN1_IA5_STRING)       |     \
+                           (1u << MBEDTLS_ASN1_UNIVERSAL_STRING) |     \
+                           (1u << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0))
 
 /*
  * Bit masks for each of the components of an ASN.1 tag as specified in