From f826d1113e30577dd5c662cacc92e1369b8cf37f Mon Sep 17 00:00:00 2001
From: Agathiyan Bragadeesh
Date: Mon, 14 Aug 2023 16:32:22 +0100
Subject: [PATCH] Reject null bytes in DER encoded values in DNs
Signed-off-by: Agathiyan Bragadeesh
---
 library/x509_create.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/x509_create.c b/library/x509_create.c
index 66f680643b..8a648e3813 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -239,6 +239,9 @@ static int parse_attribute_value_ber_encoded(const char *s,
 if ((c + 1 >= end) || (n = hexpair_to_int(*c, *(c+1))) == -1) {
 return MBEDTLS_ERR_X509_INVALID_NAME;
 }
+ if (MBEDTLS_ASN1_IS_STRING_TAG(*tag) && n == 0) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
 *(p++) = n;
 }
 asn1_der_end = p;
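Review bot: The added `n == 0` test runs on every hex pair this loop decodes, and nothing visible in the hunk restricts it to the content octets of the value. The loop head and the later ASN.1 length parsing are outside the hunk, so this is inferred: if the length octets pass through the same loop, an empty string value (length octet 0x00) or a long-form length containing a 0x00 octet would also be rejected with `MBEDTLS_ERR_X509_INVALID_NAME`. If that is intended, say so in a comment above the check, for example `/* Reject any 0x00 octet (length or content) in string-typed values: an embedded NUL would truncate the name for C-string consumers. */`. Otherwise, apply the check to the content bytes once the length has been parsed. A test case with a hex-encoded string value holding a zero octet, and one with an empty value, would pin down whichever behaviour is chosen.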