From f8da1d800580fb521b450b51f9e07ad1c3c1798d Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 27 May 2021 16:47:14 +0100
Subject: [PATCH] Ensure that we consume all the data when decoding an SPKI

If we are decoding a SubjectPublicKeyInfo structure then we must use all
of the data and must not have bytes "left over".

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)
---
 crypto/x509/x_pubkey.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 9ba63788bc..3eb21a0c79 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -161,6 +161,7 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval,
     if (ret <= 0 && !pubkey->flag_force_legacy) {
         const unsigned char *p;
         char txtoidname[OSSL_MAX_NAME_SIZE];
+        size_t slen = publen;
 
         /*
         * The decoders don't know how to handle anything other than Universal
@@ -190,9 +191,19 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval,
                                            pubkey->propq)) != NULL)
             /*
              * As said higher up, we're being opportunistic.  In other words,
-             * we don't care about what the return value signals.
+             * we don't care if we fail.
              */
-            OSSL_DECODER_from_data(dctx, &p, NULL);
+            if (OSSL_DECODER_from_data(dctx, &p, &slen)) {
+                if (slen != 0) {
+                    /*
+                     * If we successfully decoded then we *must* consume all the
+                     * bytes.
+                     */
+                    ERR_clear_last_mark();
+                    ERR_raise(ERR_LIB_ASN1, EVP_R_DECODE_ERROR);
+                    goto end;
+                }
+            }
     }
 
     ERR_pop_to_mark();
-- 
2.34.1