From 6978949cd090a6301466fdc709b1830429254053 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Mon, 16 Jul 2018 10:49:12 +0200 Subject: [PATCH] Prevent buffer overread by one byte --- library/x509_crt.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 6751da0d20..85fee8444a 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -558,18 +558,14 @@ static int x509_get_crt_ext( unsigned char **p, end_ext_data = *p + len; /* Get extension ID */ - extn_oid.tag = **p; - - if( ( ret = mbedtls_asn1_get_tag( p, end, &extn_oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) + if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, + MBEDTLS_ASN1_OID ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + extn_oid.tag = MBEDTLS_ASN1_OID; extn_oid.p = *p; *p += extn_oid.len; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - /* Get optional critical */ if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )