From 231d0ef8dc284ccaf232d5b9af064426efe7dfb9 Mon Sep 17 00:00:00 2001
From: xcy
Date: Tue, 12 Mar 2024 14:12:40 +0000
Subject: [PATCH] =?UTF-8?q?[Huawei][BugFix][CVE-2024-23775]=20mbedtls=5Fx5?= =?UTF-8?q?09=5Fset=5Fextension=20=E4=B8=AD=E5=AD=98=E5=9C=A8=E5=8F=8D?= =?UTF-8?q?=E8=BD=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: xcy
---
 library/x509_create.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/x509_create.c b/library/x509_create.c
index 056bbaa78..1d8283f07 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -209,6 +209,9 @@ int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid,
 int critical, const unsigned char *val, size_t val_len )
 {
 mbedtls_asn1_named_data *cur;
+ if (val_len > (SIZE_MAX - 1)) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
 if( ( cur = mbedtls_asn1_store_named_data( head, oid, oid_len, NULL, val_len + 1 ) ) == NULL )
-- Gitee
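Review bot: The new guard at the top of mbedtls_x509_set_extension has no comment saying what it protects, and the condition alone does not make that obvious: it keeps the `val_len + 1` passed to mbedtls_asn1_store_named_data() just below from wrapping to 0 when val_len is SIZE_MAX. I would add `/* Reject val_len == SIZE_MAX: val_len + 1 below would wrap to 0 (CVE-2024-23775). */` above the `if`. The guard is written as `if (val_len > ...)`, while the context line below it uses the `if( ... )` spacing, so matching that would keep the backport consistent with the file. The diffstat shows only these three insertions, so it is worth confirming that `SIZE_MAX` is already visible here through an existing include of `<stdint.h>`. The function body continues past the end of the hunk, so how the stored buffer is used afterwards is not visible here.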