mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 12:35:40 +01:00
Fix potential stack overflow
This commit is contained in:
parent
b134060f90
commit
d681443f69
@ -4,10 +4,13 @@ PolarSSL ChangeLog (Sorted per branch, date)
|
||||
|
||||
Security
|
||||
* Fix remotely-triggerable uninitialised pointer dereference caused by
|
||||
crafted X.509 certificate (server is not affected if it doesn't ask for a
|
||||
crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
|
||||
client certificate) (found using Codenomicon Defensics).
|
||||
* Fix remotely-triggerable memory leak caused by crafted X.509 certificates
|
||||
(server is not affected if it doesn't ask for a client certificate)
|
||||
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||
(found using Codenomicon Defensics).
|
||||
* Fix potential stack overflow while parsing crafted X.509 certificates
|
||||
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||
(found using Codenomicon Defensics).
|
||||
|
||||
Features
|
||||
|
@ -421,6 +421,9 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
|
||||
size_t set_len;
|
||||
const unsigned char *end_set;
|
||||
|
||||
/* don't use recursion, we'd risk stack overflow if not optimized */
|
||||
while( 1 )
|
||||
{
|
||||
/*
|
||||
* parse first SET, restricted to 1 element
|
||||
*/
|
||||
@ -437,7 +440,7 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
|
||||
/*
|
||||
* recurse until end of SEQUENCE is reached
|
||||
* continue until end of SEQUENCE is reached
|
||||
*/
|
||||
if( *p == end )
|
||||
return( 0 );
|
||||
@ -449,7 +452,8 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
|
||||
|
||||
memset( cur->next, 0, sizeof( x509_name ) );
|
||||
|
||||
return( x509_get_name( p, end, cur->next ) );
|
||||
cur = cur->next;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user