Add test for bounds in X509 DER write funcs
diff --git a/ChangeLog b/ChangeLog
index 422f33a..46af548 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,8 +5,8 @@
Security
* Fix potential stack corruption in mbedtls_x509write_crt_der() and
mbedtls_x509write_csr_der() when the signature is copied to the buffer
- without checking whether there is enough space in the destination. It is
- not triggerable remotely in SSL/TLS.
+ without checking whether there is enough space in the destination. The
+ issue cannot be triggered remotely.
Bugfix
* Fix an issue that caused valid certificates being rejected whenever an
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index c3773ba..5120837 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -52,6 +52,10 @@
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ ret = mbedtls_x509write_csr_der( &req, buf, pem_len / 2,
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
exit:
mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key );
@@ -125,6 +129,10 @@
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ ret = mbedtls_x509write_crt_der( &crt, buf, pem_len / 2,
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
exit:
mbedtls_x509write_crt_free( &crt );
mbedtls_pk_free( &issuer_key );