rsa: reject buffers with data outside main SEQUENCE when parsing keys Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

commit: 9de84bd67775e05fabca1907cd9f2ea33078d99a [log] [tgz]
author: Valerio Setti <valerio.setti@nordicsemi.no> Thu Feb 08 17:40:27 2024 +0100
committer: Valerio Setti <valerio.setti@nordicsemi.no> Fri Feb 09 06:42:18 2024 +0100
tree: 6071909bb5c9f4959aa02927a05152369dab2d72
parent: 7a287382052eb2eae7455d02a04e226e38e2f083 [diff] [blame]
diff --git a/library/rsa.c b/library/rsa.c
index f4c0862..2c33869 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -108,7 +108,10 @@
         return ret;
     }
 
-    /* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/
+    if (end != p + len) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
+
     end = p + len;
 
     if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
@@ -241,7 +244,10 @@
         return ret;
     }
 
-    /* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/
+    if (end != p + len) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
+
     end = p + len;
 
     /* Import N */
commit	9de84bd67775e05fabca1907cd9f2ea33078d99a	[log] [tgz]
author	Valerio Setti <valerio.setti@nordicsemi.no>	Thu Feb 08 17:40:27 2024 +0100
committer	Valerio Setti <valerio.setti@nordicsemi.no>	Fri Feb 09 06:42:18 2024 +0100
tree	6071909bb5c9f4959aa02927a05152369dab2d72
parent	7a287382052eb2eae7455d02a04e226e38e2f083 [diff] [blame]