From 0b016e645b5471e4e66c44dc0ef35fddf0256556 Mon Sep 17 00:00:00 2001
From: xcy <xiaochunyang1@huawei.com>
Date: Tue, 12 Mar 2024 14:12:40 +0000
Subject: [PATCH] =?UTF-8?q?fixed=20231d0ef=20from=20https://gitee.com/xcy5?=
 =?UTF-8?q?5/third=5Fparty=5Fmbedtls=5F23775/pulls/108=20[Huawei][BugFix][?=
 =?UTF-8?q?CVE-2024-23775]=20mbedtls=5Fx509=5Fset=5Fextension=20=E4=B8=AD?=
 =?UTF-8?q?=E5=AD=98=E5=9C=A8=E5=8F=8D=E8=BD=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: xcy <xiaochunyang1@huawei.com>
---
 library/x509_create.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/x509_create.c b/library/x509_create.c
index 50db95688..28c1de74b 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -203,6 +203,9 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid,
                                int critical, const unsigned char *val, size_t val_len)
 {
     mbedtls_asn1_named_data *cur;
+    if (val_len > (SIZE_MAX  - 1)) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
     if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len,
                                              NULL, val_len + 1)) == NULL) {
-- 
Gitee