mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 01:55:52 +01:00
- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
This commit is contained in:
parent
4811b56524
commit
b00ca42f2a
@ -52,6 +52,7 @@ Bugfix
|
|||||||
* Prevent reading over buffer boundaries on X509 certificate parsing
|
* Prevent reading over buffer boundaries on X509 certificate parsing
|
||||||
* mpi_add_abs() now correctly handles adding short numbers to long numbers
|
* mpi_add_abs() now correctly handles adding short numbers to long numbers
|
||||||
with carry rollover (found by Ruslan Yushchenko)
|
with carry rollover (found by Ruslan Yushchenko)
|
||||||
|
* Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Fixed potential memory corruption on miscrafted client messages (found by
|
* Fixed potential memory corruption on miscrafted client messages (found by
|
||||||
|
@ -1134,7 +1134,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end, *crt_end;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check for valid input
|
* Check for valid input
|
||||||
@ -1168,12 +1168,13 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
|
|||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
|
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( len != (size_t) ( end - p ) )
|
if( len > (size_t) ( end - p ) )
|
||||||
{
|
{
|
||||||
x509_free( crt );
|
x509_free( crt );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
crt_end = p + len;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* TBSCertificate ::= SEQUENCE {
|
* TBSCertificate ::= SEQUENCE {
|
||||||
@ -1344,7 +1345,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
|
|||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
end = crt->raw.p + crt->raw.len;
|
end = crt_end;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* signatureAlgorithm AlgorithmIdentifier,
|
* signatureAlgorithm AlgorithmIdentifier,
|
||||||
|
Loading…
Reference in New Issue
Block a user