From d275a22a158d544e155a3e1f484fe2e2fa8cd9f2 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 13 Sep 2019 14:21:13 +0100
Subject: [PATCH] X.509: Add length consistency checks to x509_get_other_name()
Signed-off-by: Andrzej Kurek
---
 library/x509_crt.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 3b6b54bf47..0b53912b91 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1736,12 +1736,26 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
 p += len;
 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
+ {
 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ }
+
+ if( end != p + len )
+ {
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ }
 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ if( end != p + len )
+ {
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ }
+
 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
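Review bot: The two added `end != p + len` checks carry no comment saying what encoding they reject, and only the first `mbedtls_asn1_get_tag` check gains braces while the second and third stay unbraced. A one-line comment above each check would record the intent, for example `/* The context-specific wrapper must span exactly the rest of the OtherName; reject trailing bytes. */` and `/* The inner SEQUENCE must likewise end at 'end'. */`. Forming `p + len` appears safe only because the preceding `mbedtls_asn1_get_tag` call has returned success and, as far as I know, bounds `len` by `end - p`; that ordering dependency is worth stating in the comment so the check is not moved ahead of the tag read later. The diffstat lists only library/x509_crt.c, so unless tests arrive elsewhere in the series, a negative test certificate whose otherName contains trailing data would pin the new `MBEDTLS_ERR_ASN1_LENGTH_MISMATCH` path. x509_get_other_name starts and ends outside this hunk, so whether a final `p != end` check follows the remaining fields cannot be confirmed from here.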