Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

X.509 AttributeTypeAndValue parsing doesn't respect bounds #2437

Closed
hanno-becker opened this issue Feb 12, 2019 · 2 comments · Fixed by #2442
Closed

X.509 AttributeTypeAndValue parsing doesn't respect bounds #2437

hanno-becker opened this issue Feb 12, 2019 · 2 comments · Fixed by #2442

Comments

@hanno-becker
Copy link

Context: This is about the parsing of the X.509 structure

   AttributeTypeAndValue ::= SEQUENCE {
     type     AttributeType,
     value    AttributeValue }

in x509_get_attr_type_and_value() from library/x509.c:
https://github.com/ARMmbed/mbedtls/blob/f352f75f6bd5734c8f671323dd6ab32472d5da34/library/x509.c#L344-L370

Issue: The function doesn't obey the len bound for the outer SEQUENCE. Instead, it only makes sure that the parsing doesn't read past the surrounding

   RelativeDistinguishedName ::=
     SET SIZE (1..MAX) OF AttributeTypeAndValue

the end of which is passed to the function as end. For example, if the length of the outer SEQUENCE is 0 but there's more space remaining in the current SET, the function won't fail. This situation is actually exercised by the test https://github.com/ARMmbed/mbedtls/blob/development/tests/suites/test_suite_x509parse.data#L1001 which wrongly expects MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, where it should be MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA.

This is not a security issue because the bounds of the surrounding SET are obeyed.

hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Feb 12, 2019
@ciarmcom
Copy link

ARM Internal Ref: IOTSSL-2780

hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Feb 13, 2019
hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Feb 13, 2019
@hanno-becker
Copy link
Author

There is an analogous issue with the v3 extension parsing function x509_get_crt_ext():
https://github.com/ARMmbed/mbedtls/blob/f352f75f6bd5734c8f671323dd6ab32472d5da34/library/x509_crt.c#L694-L714
The call to mbedtls_x509_get_ext() reads the extensions header but doesn't update the end pointer, so that the subsequent parsing of extensions will treat everything until the end of the TBSCertificate as a potential extension. In fact, in the existing X.509 test "X509 Certificate ASN1 (SubjectAltName repeated)" the duplicated SubjectAltName extension is added outside of the Extensions block, but it still parsed; here we should fail with a MBEDTLS_ERR_ASN1_LENGTH_MISMATCH instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants