From 35e5dad8653b2221898a5f0f4c96e918ead7c9a8 Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Thu, 15 Mar 2018 15:00:03 +0000
Subject: [PATCH] Add clarifying comment on use of MultiByteToWideChar() and
 CP_ACP

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
---
 library/x509_crt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index f73e215c26..2ad051fdaa 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1573,6 +1573,14 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
     if (FAILED (SizeTToInt(len, &lengthAsInt)))
         return(MBEDTLS_ERR_X509_FILE_IO_ERROR);
 
+    /*
+     * Note this function uses the code page CP_ACP, and assumes the incoming
+     * string is encoded in ANSI, before translating it into Unicode. If the
+     * incoming string were changed to be UTF-8, then the length check needs to
+     * change to check the number of characters, not the number of bytes, in the
+     * incoming string are less than MAX_PATH to avoid a buffer overrun with
+     * MultiByteToWideChar().
+     */
     w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir,
                                 MAX_PATH - 3);
     if (w_ret == 0) {