- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob

This commit is contained in:
Paul Bakker 2012-09-25 12:10:00 +00:00
parent 4811b56524
commit b00ca42f2a
2 changed files with 6 additions and 4 deletions

View File

@ -52,6 +52,7 @@ Bugfix
* Prevent reading over buffer boundaries on X509 certificate parsing * Prevent reading over buffer boundaries on X509 certificate parsing
* mpi_add_abs() now correctly handles adding short numbers to long numbers * mpi_add_abs() now correctly handles adding short numbers to long numbers
with carry rollover (found by Ruslan Yushchenko) with carry rollover (found by Ruslan Yushchenko)
* Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
Security Security
* Fixed potential memory corruption on miscrafted client messages (found by * Fixed potential memory corruption on miscrafted client messages (found by

View File

@ -1134,7 +1134,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
{ {
int ret; int ret;
size_t len; size_t len;
unsigned char *p, *end; unsigned char *p, *end, *crt_end;
/* /*
* Check for valid input * Check for valid input
@ -1168,12 +1168,13 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT ); return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
} }
if( len != (size_t) ( end - p ) ) if( len > (size_t) ( end - p ) )
{ {
x509_free( crt ); x509_free( crt );
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
} }
crt_end = p + len;
/* /*
* TBSCertificate ::= SEQUENCE { * TBSCertificate ::= SEQUENCE {
@ -1344,7 +1345,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
} }
end = crt->raw.p + crt->raw.len; end = crt_end;
/* /*
* signatureAlgorithm AlgorithmIdentifier, * signatureAlgorithm AlgorithmIdentifier,