commit b1342a2e392b9786d77f3d0894a556731be58ab1
author Demi Marie Obenour <demiobenour@gmail.com> Thu Dec 08 15:24:18 2022 -0500
committer Demi Marie Obenour <demiobenour@gmail.com> Thu Dec 29 18:41:10 2022 -0500
tree aa365a24cbb8a2ab91bc3294e660a1489f1b5dfd
parent 447adc05ff1b174ecee56cc95b7939c8c48bfc8b

refactor(auth): partially validate SubjectPublicKeyInfo early

This reduces the likelihood of future problems later.

Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

drivers/auth/mbedtls/mbedtls_x509_parser.c

diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c
index 9cccd96..244f1c9 100644
--- a/drivers/auth/mbedtls/mbedtls_x509_parser.c
+++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c
@@ -144,7 +144,7 @@
 {
 	int ret, is_critical;
 	size_t len;
-	unsigned char *p, *end, *crt_end;
+	unsigned char *p, *end, *crt_end, *pk_end;
 	mbedtls_asn1_buf sig_alg1, sig_alg2;
 	/*
 	 * The unique ASN.1 DER encoding of [0] EXPLICIT INTEGER { v3(2} }.
@@ -271,9 +271,22 @@
 	if (ret != 0) {
 		return IMG_PARSER_ERR_FORMAT;
 	}
-	pk.len = (p + len) - pk.p;
+	pk_end = p + len;
+	pk.len = pk_end - pk.p;
+
+	ret = mbedtls_asn1_get_tag(&p, pk_end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+				   MBEDTLS_ASN1_SEQUENCE);
+	if (ret != 0) {
+		return IMG_PARSER_ERR_FORMAT;
+	}
 	p += len;
 
+	ret = mbedtls_asn1_get_tag(&p, pk_end, &len, MBEDTLS_ASN1_BIT_STRING);
+	if ((ret != 0) || (p + len != pk_end)) {
+		return IMG_PARSER_ERR_FORMAT;
+	}
+	p = pk_end;
+
 	/*
 	 * issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
 	 */