Prevent signed integer overflow in CSR parsing
Modify the function mbedtls_x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard.
This commit is contained in:
Andres AG
Simon Butcher
parent
7ca4a03955
commit
2e65a54d5a
2 changed files with 7 additions and 3 deletions
|
|
@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
|
|||
return( ret );
|
||||
}
|
||||
|
||||
csr->version++;
|
||||
|
||||
if( csr->version != 1 )
|
||||
if( csr->version != 0 )
|
||||
{
|
||||
mbedtls_x509_csr_free( csr );
|
||||
return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
|
||||
}
|
||||
|
||||
csr->version++;
|
||||
|
||||
/*
|
||||
* subject Name
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue