Maintenance: ASN.1

1. Add an additional check in GetCertHeader() to see that sigIndex is bounded by maxIdx.
2019-11-27 10:43:51 -08:00
parent 55540c6bd3
commit cc722468be
1 changed files with 3 additions and 0 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -4553,7 +4553,10 @@ static int GetCertHeader(DecodedCert* cert)

    if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0)
        return ASN_PARSE_E;
+
    cert->sigIndex = len + cert->srcIdx;
+    if (cert->sigIndex > cert->maxIdx)
+        return ASN_PARSE_E;

    if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version,
                                                            cert->sigIndex) < 0)