Trailing junk after X.509 certificate accepted #10515

@DemiMarie

WARNING: if the bug you are reporting has or may have security implications,
we ask that you report it privately to
[email protected]
so that we can prepare and release a fix before publishing the details.
See SECURITY.md.

Summary

The X.509 parsing function allows trailing junk after a certificate.

System information

Mbed TLS version (number or commit id): d2026b1
Operating system and version: N/A
Configuration (if not default, please attach mbedtls_config.h): N/A
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): N/A
Additional environment information: N/A

Expected behavior

Reject trailing junk.

Actual behavior

Accept trailing junk.

Steps to reproduce

Pass certificate with trailing junk.

Additional information

Found by manual code review.
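
The check the report asks for, sketched as an added example (not Mbed TLS code and not part of the original report): a stand-alone function that accepts a buffer only if it holds exactly one DER SEQUENCE with no bytes after it. The function name `der_single_sequence` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not an Mbed TLS API): returns 0 if buf holds exactly
 * one DER SEQUENCE, 1 if bytes follow it, -1 if the header is malformed
 * or the declared content is truncated. */
int der_single_sequence(const uint8_t *buf, size_t len)
{
    size_t hdr, content = 0;

    if (len < 2 || buf[0] != 0x30)          /* 0x30 = SEQUENCE, constructed */
        return -1;

    if (buf[1] < 0x80) {                    /* short form: length in one byte */
        content = buf[1];
        hdr = 2;
    } else {
        size_t n = buf[1] & 0x7F;           /* long form: n length bytes follow */
        if (n == 0 || n > sizeof(size_t) || len < 2 + n)
            return -1;                      /* n == 0 is indefinite length: not DER */
        if (buf[2] == 0)                    /* leading zero byte: non-minimal */
            return -1;
        for (size_t i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        if (content < 0x80)                 /* short form was required: non-minimal */
            return -1;
        hdr = 2 + n;
    }

    if (content > len - hdr)                /* declared content runs past the buffer */
        return -1;
    return (len - hdr == content) ? 0 : 1;  /* leftover bytes are trailing junk */
}

/* Constructed samples: SEQUENCE { INTEGER 5 }, then the same plus two extra bytes. */
static const uint8_t clean[]    = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const uint8_t trailing[] = { 0x30, 0x03, 0x02, 0x01, 0x05, 0xDE, 0xAD };

int main(void)
{
    printf("clean:    %d\n", der_single_sequence(clean, sizeof clean));
    printf("trailing: %d\n", der_single_sequence(trailing, sizeof trailing));
    return 0;
}
```

A strict caller treats any non-zero return as a parse failure, which is the "reject trailing junk" behavior the report expects.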

Labels: bug, size-s (Estimated task size: small (~2d))
