- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob

This commit is contained in:
Paul Bakker 2012-09-25 12:10:00 +00:00
parent 4811b56524
commit b00ca42f2a
2 changed files with 6 additions and 4 deletions

View file

@ -52,6 +52,7 @@ Bugfix
* Prevent reading over buffer boundaries on X509 certificate parsing
* mpi_add_abs() now correctly handles adding short numbers to long numbers
with carry rollover (found by Ruslan Yushchenko)
* Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
Security
* Fixed potential memory corruption on miscrafted client messages (found by

View file

@ -1134,7 +1134,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
{
int ret;
size_t len;
unsigned char *p, *end;
unsigned char *p, *end, *crt_end;
/*
* Check for valid input
@ -1168,13 +1168,14 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
}
if( len != (size_t) ( end - p ) )
if( len > (size_t) ( end - p ) )
{
x509_free( crt );
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
crt_end = p + len;
/*
* TBSCertificate ::= SEQUENCE {
*/
@ -1344,7 +1345,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
end = crt->raw.p + crt->raw.len;
end = crt_end;
/*
* signatureAlgorithm AlgorithmIdentifier,