commit beb90e30de05a11c6946e4fe53156c78a0252dba
author David Horstmann <david.horstmann@arm.com> Wed Feb 15 11:48:13 2023 +0000
committer David Horstmann <david.horstmann@arm.com> Mon Feb 20 14:44:18 2023 +0000
tree c810c5f5b02d924042a5147bafeccb4e1f5bace0
parent c714416d1648656c7ccdabe0b598f0e6264a9e66

Disallow overlong encoding when parsing OIDs

OID subidentifiers are encoded as follow. For every byte:
* The top bit is 1 if there is another byte to come, 0 if this is the
last byte.
* The other 7 bits form 7 bits of the number. These groups of 7 are
concatenated together in big-endian order.

Overlong encodings are explicitly disallowed by the BER/DER/X690
specification. For example, the number 1 cannot be encoded as:

0x80 0x80 0x01

It must be encoded as:

0x01

Enforce this in Mbed TLS' OID DER-to-string parser.

Signed-off-by: David Horstmann <david.horstmann@arm.com>

library/oid.c

diff --git a/library/oid.c b/library/oid.c
index d8ba773..fb4caad 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -799,6 +799,11 @@
     /* First subidentifier contains first two OID components */
     i = 0;
     value = 0;
+    if ((oid->p[0]) == 0x80) {
+        /* Overlong encoding is not allowed */
+        return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
+    }
+
     while (i < oid->len && ((oid->p[i] & 0x80) != 0)) {
         /* Prevent overflow in value. */
         if (((value << 7) >> 7) != value) {
@@ -833,6 +838,10 @@
         if (((value << 7) >> 7) != value) {
             return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
         }
+        if ((value == 0) && ((oid->p[i]) == 0x80)) {
+            /* Overlong encoding is not allowed */
+            return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
+        }
 
         value <<= 7;
         value += oid->p[i] & 0x7F;