Fix oob read on rz_x509_parse_tbscertificate

rizinorg · Aug 17, 2022 · 6b118bf · 6b118bf
1 parent 7cc70d8
commit 6b118bf
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/librz/util/x509.c b/librz/util/x509.c
@@ -175,6 +175,10 @@ RZ_API bool rz_x509_parse_tbscertificate(RX509TBSCertificate *tbsc, RASN1Object
 		elems[0]->form == FORM_CONSTRUCTED &&
 		elems[0]->list.objects[0]->tag == TAG_INTEGER &&
 		elems[0]->list.objects[0]->length == 1) {
+		if (object->list.length < 7) {
+			// Always expect at least 7 elements for non-v1 certificates.
+			return false;
+		}
 		// Integer inside a CLASS_CONTEXT
 		tbsc->version = (ut32)elems[0]->list.objects[0]->sector[0];
 		shift = 1;