Merge pull request #1349 from felixc-arm/pem-integer-underflow-3.6

[3.6] Fix Integer Underflow when Decoding PEM Keys
2025-07-29 11:41:15 +03:00 · 2025-06-04 14:36:35 +01:00
parent d9c141749b 42323eacc9
commit 3f82706cb7
3 changed files with 13 additions and 1 deletions
--- a/library/pem.c
+++ b/library/pem.c
@ -243,7 +243,10 @@ exit:
 #if defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C)
 static int pem_check_pkcs_padding(unsigned char *input, size_t input_len, size_t *data_len)
 {
-    /* input_len > 0 is guaranteed by mbedtls_pem_read_buffer(). */
+    /* input_len > 0 is not guaranteed by mbedtls_pem_read_buffer(). */
+    if (input_len < 1) {
+        return MBEDTLS_ERR_PEM_INVALID_DATA;
+    }
    size_t pad_len = input[input_len - 1];
    size_t i;