rsa: handle buffer length similarly in private and public key parsing

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 08:00:18 +01:00 · 2024-02-06 08:00:18 +01:00 · fe329cea3f
commit fe329cea3f
parent 45c33ed41e
3 changed files with 9 additions and 3 deletions
--- a/library/rsa.c
+++ b/library/rsa.c
@ -109,6 +109,10 @@ int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, si

    end = p + len;

+    if (end > (key + keylen)) {
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
+
    if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
        return ret;
    }
@ -239,7 +243,9 @@ int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key,
        return ret;
    }

-    if (p + len != end) {
+    end = p + len;
+
+    if (end > (key + keylen)) {
        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
    }