rsa: handle buffer length similarly in private and public key parsing Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

commit: fe329cea3fdcda1865c21e24b5fa3e5aef219eaa [log] [tgz]
author: Valerio Setti <valerio.setti@nordicsemi.no> Tue Feb 06 08:00:18 2024 +0100
committer: Valerio Setti <valerio.setti@nordicsemi.no> Tue Feb 06 08:00:18 2024 +0100
tree: 16173bc8d87ba3bda30da67f60c681d1f5495411
parent: 45c33ed41ec2d89535aed1ac81d4345939e5c42a [diff] [blame]
diff --git a/library/rsa.c b/library/rsa.c
index f4add91..b250e1d 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -109,6 +109,10 @@
 
     end = p + len;
 
+    if (end > (key + keylen)) {
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
+
     if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
         return ret;
     }
@@ -239,7 +243,9 @@
         return ret;
     }
 
-    if (p + len != end) {
+    end = p + len;
+
+    if (end > (key + keylen)) {
         return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
     }
commit	fe329cea3fdcda1865c21e24b5fa3e5aef219eaa	[log] [tgz]
author	Valerio Setti <valerio.setti@nordicsemi.no>	Tue Feb 06 08:00:18 2024 +0100
committer	Valerio Setti <valerio.setti@nordicsemi.no>	Tue Feb 06 08:00:18 2024 +0100
tree	16173bc8d87ba3bda30da67f60c681d1f5495411
parent	45c33ed41ec2d89535aed1ac81d4345939e5c42a [diff] [blame]