From b00ca42f2a26133172d9df9304bfbc9b093a43dc Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Tue, 25 Sep 2012 12:10:00 +0000
Subject: [PATCH]  - Handle existence of OpenSSL Trust Extensions at end of
 X.509 DER blob

---
 ChangeLog           | 1 +
 library/x509parse.c | 9 +++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a4a2172ee..5f51ff0df 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -52,6 +52,7 @@ Bugfix
    * Prevent reading over buffer boundaries on X509 certificate parsing
    * mpi_add_abs() now correctly handles adding short numbers to long numbers
      with carry rollover (found by Ruslan Yushchenko)
+   * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
 
 Security
    * Fixed potential memory corruption on miscrafted client messages (found by
diff --git a/library/x509parse.c b/library/x509parse.c
index 3513f1b34..3968666c6 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -1134,7 +1134,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
 {
     int ret;
     size_t len;
-    unsigned char *p, *end;
+    unsigned char *p, *end, *crt_end;
 
     /*
      * Check for valid input
@@ -1168,13 +1168,14 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
         return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
     }
 
-    if( len != (size_t) ( end - p ) )
+    if( len > (size_t) ( end - p ) )
     {
         x509_free( crt );
         return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
                 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
     }
-
+    crt_end = p + len;
+    
     /*
      * TBSCertificate  ::=  SEQUENCE  {
      */
@@ -1344,7 +1345,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
                 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
     }
 
-    end = crt->raw.p + crt->raw.len;
+    end = crt_end;
 
     /*
      *  signatureAlgorithm   AlgorithmIdentifier,