From 4cfdb54e2c32a6d267ed4d21da38a0990fe5c824 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <Andres.AmayaGarcia@arm.com>
Date: Wed, 23 Aug 2017 09:52:31 +0100
Subject: [PATCH] Add bounds check for OCSP nocheck parsing in X509

---
 library/x509_crt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index b02e1241e8..056e46308b 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -370,6 +370,10 @@ static int x509_get_ocsp_nocheck( unsigned char **p,
         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 
+    if( *p != end )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
     return( 0 );
 }