Make sure d2i_X509() consumed all data 108/head
authorJob Snijders <job@sobornost.net>
Mon, 5 Feb 2024 19:10:11 +0000 (19:10 +0000)
committerJob Snijders <job@sobornost.net>
Mon, 5 Feb 2024 19:10:11 +0000 (19:10 +0000)
An artefact of d2i_*() functions is that once they're satisfied,
there still might be trailing garbage in the field that's being
decoded.

Callers of d2i_*() functions generally should confirm that all
data has been consumed.

src/asn1/signed_data.c

index d2f85d7a7c89b00fa323737ff57717d465f44fdd..301ae23de095f133a42e955953a809c95cea3b0c 100644 (file)
@@ -58,7 +58,7 @@ static int
 handle_sdata_certificate(ANY_t *cert_encoded, struct signed_object_args *args,
     OCTET_STRING_t *sid, ANY_t *signedData, SignatureValue_t *signature)
 {
-       const unsigned char *tmp;
+       const unsigned char *otmp, *tmp;
        X509 *cert;
        enum rpki_policy policy;
        int error;
@@ -78,12 +78,16 @@ handle_sdata_certificate(ANY_t *cert_encoded, struct signed_object_args *args,
         * pointer.
         */
        tmp = (const unsigned char *) cert_encoded->buf;
-
+       otmp = tmp;
        cert = d2i_X509(NULL, &tmp, cert_encoded->size);
        if (cert == NULL) {
                error = val_crypto_err("Signed object's 'certificate' element does not decode into a Certificate");
                goto end1;
        }
+       if (tmp != otmp + cert_encoded->size) {
+               error = val_crypto_err("Signed object's 'certificate' element contains trailing garbage");
+               goto end1;
+       }
 
        x509_name_pr_debug("Issuer", X509_get_issuer_name(cert));