From 661d72504400c9fc2bc89ef1d1330e389ff68f93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Duquette?= Date: Sun, 23 Jun 2019 17:45:26 -0400 Subject: [PATCH] Deref pointer when using sizeof in x509_get_other_name Fix for #2716. --- ChangeLog | 1 + library/x509_crt.c | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a46100878..23b62b4e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -74,6 +74,7 @@ Bugfix irwir. * Enable Suite B with subset of ECP curves. Make sure the code compiles even if some curves are not defined. Fixes #1591 reported by dbedev. + * Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716. API Changes * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, diff --git a/library/x509_crt.c b/library/x509_crt.c index d101bc748..b2c19db68 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1687,7 +1687,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, if( p + len >= end ) { - mbedtls_platform_zeroize( other_name, sizeof( other_name ) ); + mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } @@ -1709,7 +1709,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, if( p + len >= end ) { - mbedtls_platform_zeroize( other_name, sizeof( other_name ) ); + mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } @@ -1725,7 +1725,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, if( p != end ) { mbedtls_platform_zeroize( other_name, - sizeof( other_name ) ); + sizeof( *other_name ) ); return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); }
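Review bot: The corrected call `mbedtls_platform_zeroize( other_name, sizeof( *other_name ) )` is still repeated on all three length-mismatch exits of x509_get_other_name (the hunks at 1687, 1709 and 1725), and that repetition is how one `sizeof` slip ended up in three places. All three exits return the same `MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH`, so a single shared exit that wipes the structure once would leave only one size expression to get right; the function body starts and ends outside these hunks, so where that exit belongs cannot be judged from here. The diffstat lists only ChangeLog and library/x509_crt.c, so no test appears to pin the behaviour: a malformed otherName case asserting that the whole output structure is cleared on error would guard against regression. Compiler diagnostics for sizeof-of-a-pointer generally target built-ins such as memset and probably do not see through a project wrapper like mbedtls_platform_zeroize, so it is worth checking the remaining zeroize calls by hand for the same pattern.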