From 0f286d5453488acbc0ae2191ea80f1156eabbbb4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Feb 2024 14:30:58 +0100 Subject: [PATCH] pem: reject empty PEM contents Signed-off-by: Valerio Setti --- library/pem.c | 5 +++++ tests/suites/test_suite_pem.data | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/library/pem.c b/library/pem.c index f090f4931..a111970bb 100644 --- a/library/pem.c +++ b/library/pem.c @@ -244,6 +244,7 @@ exit: #if defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) static int pem_check_pkcs_padding(unsigned char *input, size_t input_len, size_t *data_len) { + /* input_len > 0 is guaranteed by mbedtls_pem_read_buffer(). */ size_t pad_len = input[input_len - 1]; size_t i; @@ -412,6 +413,10 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); } + if (len == 0) { + return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; + } + if ((buf = mbedtls_calloc(1, len)) == NULL) { return MBEDTLS_ERR_PEM_ALLOC_FAILED; } diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index df9663b18..a900a33b9 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -22,6 +22,10 @@ mbedtls_pem_write_buffer_lengths PEM read (unencrypted, valid) mbedtls_pem_read_buffer:"^":"$":"^\nTWJlZCBUTFM=\n$":"":0:"4d62656420544c53" +PEM read (unencrypted, empty content) +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\n\n-----END EC PRIVATE KEY-----":"":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" + PEM read (DES-EDE3-CBC + invalid iv) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV:""