[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed May 4 16:40:20 UTC 2016
The branch master has been updated
via 4e0d184ac1dde845ba9574872e2ae5c903c81dff (commit)
from c73aa309049c4f04ec81f0f1cf552eab8456a16e (commit)
- Log -----------------------------------------------------------------
commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed May 4 16:09:06 2016 +0100
Fix name length limit check.
The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.
Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.
RT#4531
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x_name.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 72682fe..662de64 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -194,10 +194,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
- if (len > X509_NAME_MAX) {
- ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
- return 0;
- }
+ if (len > X509_NAME_MAX)
+ len = X509_NAME_MAX;
q = p;
/* Get internal representation of Name */
More information about the openssl-commits
mailing list