Fix x509_get_subject_alt_name to drop invalid tag Fix the x509_get_subject_alt_name() function to not accept invalid tags. The problem was that the ASN.1 class for tags consists of two bits. Simply doing bit-wise and of the CONTEXT_SPECIFIC macro with the input tag has the potential of accepting tag values 0x10 (private) which would indicate that the certificate has an incorrect format.

commit: f6a6b82362adb14ef73ea8862a2cc71c68fadb04 [log] [tgz]
author: Andres Amaya Garcia <andres.amayagarcia@arm.com> Fri Aug 25 17:13:12 2017 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Fri Dec 01 21:42:19 2017 +0100
tree: d86bcab972aa069909355042f0f0b5b4fa132646
parent: 45a556501c9269d79a51d563f00e4d786e1cf00a [diff] [blame]
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 8cb1923..5529366 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c

@@ -472,9 +472,12 @@
         if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
 
-        if( ( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC )
+        if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
+                MBEDTLS_ASN1_CONTEXT_SPECIFIC )
+        {
             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                     MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+        }
 
         /* Skip everything but DNS name */
         if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
commit	f6a6b82362adb14ef73ea8862a2cc71c68fadb04	[log] [tgz]
author	Andres Amaya Garcia <andres.amayagarcia@arm.com>	Fri Aug 25 17:13:12 2017 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Dec 01 21:42:19 2017 +0100
tree	d86bcab972aa069909355042f0f0b5b4fa132646
parent	45a556501c9269d79a51d563f00e4d786e1cf00a [diff] [blame]