From 9bf4c0539b26acfb7dc21910e6ee444d37e29935 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Mar 2021 23:09:28 +0200
Subject: [PATCH] ASN.1: Verify that NULL value has zero length

This value is required to contain no octets, so verify that its length
octet agrees with that.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/tls/asn1.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/tls/asn1.c b/src/tls/asn1.c
index ee9a3afdf..970f680c1 100644
--- a/src/tls/asn1.c
+++ b/src/tls/asn1.c
@@ -129,6 +129,8 @@ static int asn1_valid_der(struct asn1_hdr *hdr)
 		return 1;
 	if (hdr->tag == ASN1_TAG_BOOLEAN && !asn1_valid_der_boolean(hdr))
 		return 0;
+	if (hdr->tag == ASN1_TAG_NULL && hdr->length != 0)
+		return 0;
 	return 1;
 }