Fix X.509 SAN parsing
Fixes #2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/x509_crt.c b/library/x509_crt.c
index aaeb515..d224e2a 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -639,8 +639,6 @@
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len, tag_len;
-    mbedtls_asn1_buf *buf;
-    unsigned char tag;
     mbedtls_asn1_sequence *cur = subject_alt_name;
 
     /* Get main sequence tag */
@@ -656,15 +654,20 @@
 
     while (*p < end) {
         mbedtls_x509_subject_alternative_name dummy_san_buf;
+        mbedtls_x509_buf tmp_san_buf;
         memset(&dummy_san_buf, 0, sizeof(dummy_san_buf));
 
-        tag = **p;
+        tmp_san_buf.tag = **p;
         (*p)++;
+
         if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) {
             return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
         }
 
-        if ((tag & MBEDTLS_ASN1_TAG_CLASS_MASK) !=
+        tmp_san_buf.p = *p;
+        tmp_san_buf.len = tag_len;
+
+        if ((tmp_san_buf.tag & MBEDTLS_ASN1_TAG_CLASS_MASK) !=
             MBEDTLS_ASN1_CONTEXT_SPECIFIC) {
             return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
                                      MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
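Review bot: `tmp_san_buf` is declared without an initializer, while `dummy_san_buf` on the line below it is zeroed with memset, so the two per-iteration temporaries follow different conventions. In the visible lines all three fields are assigned before any use (`tag` before the length read, `p` and `len` after it), so nothing is read uninitialized today. A later early-exit path or a field added to the struct would not be covered, so I would add `memset(&tmp_san_buf, 0, sizeof(tmp_san_buf));` beside the existing memset. The loop body continues past the end of this hunk.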
@@ -673,7 +676,7 @@
         /*
          * Check that the SAN is structured correctly.
          */
-        ret = mbedtls_x509_parse_subject_alt_name(&(cur->buf), &dummy_san_buf);
+        ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf);
         /*
          * In case the extension is malformed, return an error,
          * and clear the allocated sequences.
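Review bot: No test change is visible on this page for the corrected `mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf)` call, and this is the check that decides whether a malformed SAN entry is rejected. Judging by the removed lines in the last hunk, `cur->buf` was only filled at the end of each iteration, so the old call appears to have validated the previous node rather than the entry just read. A regression case with a well-formed first entry followed by a malformed one, and another with the malformed entry last, would pin the new behaviour, including that the partially built sequence is cleared on the error path. I would also make the comment above the call explicit, for example `/* Validate the entry just read (tmp_san_buf), not a list node. */`. The error handling that follows the call lies outside this hunk.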
@@ -708,11 +711,8 @@
             cur = cur->next;
         }
 
-        buf = &(cur->buf);
-        buf->tag = tag;
-        buf->p = *p;
-        buf->len = tag_len;
-        *p += buf->len;
+        cur->buf = tmp_san_buf;
+        *p += tmp_san_buf.len;
     }
 
     /* Set final sequence entry's next pointer to NULL */
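Review bot: `cur->buf = tmp_san_buf;` stores a pointer into the buffer being parsed rather than a copy of the name, and `*p += tmp_san_buf.len;` stays within `end` only because the length was already bounded. Neither assumption is written down at this point. mbedtls_asn1_get_len() rejects a length larger than the remaining input, so the advance is safe as long as that call stays ahead of it in the loop. A short comment would protect this against later reordering, for example `/* buf.p aliases the input buffer; len was bounded by mbedtls_asn1_get_len() */`. The enclosing function starts and ends outside the visible hunks.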