Ensure that we consume all the data when decoding an SPKI

If we are decoding a SubjectPublicKeyInfo structure then we must use all
of the data and must not have bytes "left over".

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)

1 files changed, 13 insertions, 2 deletions

diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 9ba63788bc..3eb21a0c79 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -161,6 +161,7 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval,
     if (ret <= 0 && !pubkey->flag_force_legacy) {
         const unsigned char *p;
         char txtoidname[OSSL_MAX_NAME_SIZE];
+        size_t slen = publen;
 
         /*
         * The decoders don't know how to handle anything other than Universal
@@ -190,9 +191,19 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval,
                                            pubkey->propq)) != NULL)
             /*
              * As said higher up, we're being opportunistic.  In other words,
-             * we don't care about what the return value signals.
+             * we don't care if we fail.
              */
-            OSSL_DECODER_from_data(dctx, &p, NULL);
+            if (OSSL_DECODER_from_data(dctx, &p, &slen)) {
+                if (slen != 0) {
+                    /*
+                     * If we successfully decoded then we *must* consume all the
+                     * bytes.
+                     */
+                    ERR_clear_last_mark();
+                    ERR_raise(ERR_LIB_ASN1, EVP_R_DECODE_ERROR);
+                    goto end;
+                }
+            }
     }
 
     ERR_pop_to_mark();