From 9caaa6d967cb5a2ae4dac243ee3e3c0a30ed16f8 Mon Sep 17 00:00:00 2001
From: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
Date: Mon, 14 Aug 2023 15:38:39 +0100
Subject: [PATCH] Reject escaped null hexpairs in DNs

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
---
 library/x509_create.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/x509_create.c b/library/x509_create.c
index 6ce15f9fe7..500f21306c 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -187,6 +187,9 @@ static int parse_attribute_value_string(const char *s,
 
             /* Check for valid escaped characters in RFC 4514 in Section 3*/
             if (c + 1 < end && (n = hexpair_to_int(*c, *(c+1))) != -1) {
+                if(n == 0) {
+                    return MBEDTLS_ERR_X509_INVALID_NAME;
+                }
                 hexpair = 1;
                 *(d++) = n;
                 c++;