mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 13:48:10 +00:00
- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
This commit is contained in:
parent
4811b56524
commit
b00ca42f2a
2 changed files with 6 additions and 4 deletions
|
@ -52,6 +52,7 @@ Bugfix
|
|||
* Prevent reading over buffer boundaries on X509 certificate parsing
|
||||
* mpi_add_abs() now correctly handles adding short numbers to long numbers
|
||||
with carry rollover (found by Ruslan Yushchenko)
|
||||
* Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
|
||||
|
||||
Security
|
||||
* Fixed potential memory corruption on miscrafted client messages (found by
|
||||
|
|
|
@ -1134,7 +1134,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
|
|||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p, *end;
|
||||
unsigned char *p, *end, *crt_end;
|
||||
|
||||
/*
|
||||
* Check for valid input
|
||||
|
@ -1168,13 +1168,14 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
|
|||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
|
||||
}
|
||||
|
||||
if( len != (size_t) ( end - p ) )
|
||||
if( len > (size_t) ( end - p ) )
|
||||
{
|
||||
x509_free( crt );
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||
}
|
||||
|
||||
crt_end = p + len;
|
||||
|
||||
/*
|
||||
* TBSCertificate ::= SEQUENCE {
|
||||
*/
|
||||
|
@ -1344,7 +1345,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
|
|||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||
}
|
||||
|
||||
end = crt->raw.p + crt->raw.len;
|
||||
end = crt_end;
|
||||
|
||||
/*
|
||||
* signatureAlgorithm AlgorithmIdentifier,
|
||||
|
|
Loading…
Reference in a new issue