Fix potential buffer overread of size 1

commit: d8a1ea72b1a78fe4ef4e89d139df08c4beef3728 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Nov 17 12:04:51 2014 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Nov 17 12:27:49 2014 +0100
tree: 620766bbc40a35f953081e5613c03e3792d3d1ae
parent: 309c798b2b39792173c043c1dd901aec070fe82f [diff] [blame]
diff --git a/library/x509parse.c b/library/x509parse.c
index 9d62e9e..488ae8c 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c

@@ -193,6 +193,11 @@
         return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
 
     end = *p + len;
+
+    if( len < 1 )
+        return( POLARSSL_ERR_X509_CERT_INVALID_ALG +
+                POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
     alg->tag = **p;
 
     if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
@@ -240,6 +245,11 @@
         return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
 
     oid = &cur->oid;
+
+    if( len < 1 )
+        return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
+                POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
     oid->tag = **p;
 
     if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
commit	d8a1ea72b1a78fe4ef4e89d139df08c4beef3728	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Nov 17 12:04:51 2014 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Nov 17 12:27:49 2014 +0100
tree	620766bbc40a35f953081e5613c03e3792d3d1ae
parent	309c798b2b39792173c043c1dd901aec070fe82f [diff] [blame]