fix(auth): reject padding after BIT STRING in signatures It is forbidden by ASN.1 DER. Change-Id: Id8a48e14bb8a1a17a6481ea3fde0803723c05e31 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

commit: 447adc05ff1b174ecee56cc95b7939c8c48bfc8b [log] [tgz]
author: Demi Marie Obenour <demiobenour@gmail.com> Thu Dec 08 15:24:10 2022 -0500
committer: Demi Marie Obenour <demiobenour@gmail.com> Thu Dec 29 18:41:10 2022 -0500
tree: 7d7b6dcde3aa215dcb2429dc4f3025914864fb47
parent: ae2666400b8adb4ee2091d5228de4e8e8c8691a5 [diff]
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 178bbf5..42a0925 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c

@@ -115,7 +115,7 @@
 	end = (unsigned char *)(p + sig_len);
 	signature.tag = *p;
 	rc = mbedtls_asn1_get_bitstring_null(&p, end, &signature.len);
-	if (rc != 0) {
+	if ((rc != 0) || ((size_t)(end - p) != signature.len)) {
 		rc = CRYPTO_ERR_SIGNATURE;
 		goto end1;
 	}
commit	447adc05ff1b174ecee56cc95b7939c8c48bfc8b	[log] [tgz]
author	Demi Marie Obenour <demiobenour@gmail.com>	Thu Dec 08 15:24:10 2022 -0500
committer	Demi Marie Obenour <demiobenour@gmail.com>	Thu Dec 29 18:41:10 2022 -0500
tree	7d7b6dcde3aa215dcb2429dc4f3025914864fb47
parent	ae2666400b8adb4ee2091d5228de4e8e8c8691a5 [diff]