TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fbcb5d469b0f314605747c5ba21b41ece0d4b2bd^1..fbcb5d469b0f314605747c5ba21b41ece0d4b2bd / .
commitfbcb5d469b0f314605747c5ba21b41ece0d4b2bd[log] [tgz]
authorTom Cosgrove <tom.cosgrove@arm.com>Fri Jun 30 14:28:38 2023 +0100
committerGitHub <noreply@github.com>Fri Jun 30 14:28:38 2023 +0100
tree50a6d3295875136efa3fdb2c925c9d05dc8e6bb5
parent3fb807c06441b9bd30a33ecc38f5dcd4afb072d5 [diff]
parent1e8086bd21c8ad7d453498d556b3e977ff4c3050 [diff]
Merge pull request #7850 from davidhorstmann-arm/2.28-fix-string-to-names-retcode

[Backport 2.28] Fix false success return code in `mbedtls_x509_string_to_names()`
diff --git a/ChangeLog.d/fix-string-to-names-retcode.txt b/ChangeLog.d/fix-string-to-names-retcode.txt
new file mode 100644
index 0000000..ac4b3d1
--- /dev/null
+++ b/ChangeLog.d/fix-string-to-names-retcode.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix a bug in which mbedtls_x509_string_to_names() would return success
+     when given a invalid name string if it did not contain '=' or ','.

diff --git a/library/x509_create.c b/library/x509_create.c
index 50db956..cdfc82a 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c

@@ -125,7 +125,7 @@
 
 int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
 {
-    int ret = 0;
+    int ret = MBEDTLS_ERR_X509_INVALID_NAME;
     const char *s = name, *c = s;
     const char *end = s + strlen(s);
     const char *oid = NULL;
@@ -177,6 +177,9 @@
 
             s = c + 1;
             in_tag = 1;
+
+            /* Successfully parsed one name, update ret to success */
+            ret = 0;
         }
 
         if (!in_tag && s != c + 1) {

diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 2fc7143..999c05f 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data

@@ -133,5 +133,8 @@
 X509 String to Names #6 (Escape at end)
 mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME
 
+X509 String to Names #6 (Invalid, no '=' or ',')
+mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME
+
 Check max serial length
 x509_set_serial_check: