Fix potential stack overflow

ChangeLog

@@ -4,10 +4,13 @@ PolarSSL ChangeLog (Sorted per branch, date)
 
 Security
    * Fix remotely-triggerable uninitialised pointer dereference caused by
-     crafted X.509 certificate (server is not affected if it doesn't ask for a
+     crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
      client certificate) (found using Codenomicon Defensics).
    * Fix remotely-triggerable memory leak caused by crafted X.509 certificates
-     (server is not affected if it doesn't ask for a client certificate)
+     (TLS server is not affected if it doesn't ask for a client certificate)
+     (found using Codenomicon Defensics).
+   * Fix potential stack overflow while parsing crafted X.509 certificates
+     (TLS server is not affected if it doesn't ask for a client certificate)
      (found using Codenomicon Defensics).
 
 Features

library/x509.c

@@ -421,6 +421,9 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
     size_t set_len;
     const unsigned char *end_set;
 
+    /* don't use recursion, we'd risk stack overflow if not optimized */
+    while( 1 )
+    {
         /*
          * parse first SET, restricted to 1 element
          */
@@ -437,7 +440,7 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
             return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
 
         /*
-     * recurse until end of SEQUENCE is reached
+         * continue until end of SEQUENCE is reached
          */
         if( *p == end )
             return( 0 );
@@ -449,7 +452,8 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
 
         memset( cur->next, 0, sizeof( x509_name ) );
 
-    return( x509_get_name( p, end, cur->next ) );
+        cur = cur->next;
+    }
 }
 
 /*