]> git.baikalelectronics.ru Git - arm-tf.git/commit
projects / arm-tf.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: abb8f93) | patch
fix(auth): properly validate X.509 extensions
authorDemi Marie Obenour <demiobenour@gmail.com>
Fri, 9 Dec 2022 22:19:08 +0000 (17:19 -0500)
committerSandrine Bailleux <sandrine.bailleux@arm.com>
Tue, 10 Jan 2023 13:52:45 +0000 (14:52 +0100)
commitf5c51855d36e399e6e22cc1eb94f6b58e51b3b6d
treef311d3f772b581c52038521afa792ca04c4e2121tree | snapshot
parentabb8f936fd0ad085b1966bdc2cddf040ba3865e3commit | diff
fix(auth): properly validate X.509 extensions

get_ext() does not check the return value of the various mbedtls_*
functions, as cert_parse() is assumed to have guaranteed that they will
always succeed.  However, it passes the end of an extension as the end
pointer to these functions, whereas cert_parse() passes the end of the
TBSCertificate.  Furthermore, cert_parse() does *not* check that the
contents of the extension have the same length as the extension itself.
Before fd37982a19a4a291 ("fix(auth): forbid junk after extensions"),
cert_parse() also does not check that the extension block extends to the
end of the TBSCertificate.

This is a problem, as mbedtls_asn1_get_tag() leaves *p and *len
undefined on failure.  In practice, this results in get_ext() continuing
to parse at different offsets than were used (and validated) by
cert_parse(), which means that the in-bounds guarantee provided by
cert_parse() no longer holds.

This patch fixes the remaining flaw by enforcing that the contents of an
extension are the same length as the extension itself.

Change-Id: Id4570f911402e34d5d6c799ae01a01f184c68d7c
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
drivers/auth/mbedtls/mbedtls_x509_parser.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.