[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Dr. Stephen Henson steve at openssl.org
Wed May 4 16:45:12 UTC 2016

The branch OpenSSL_1_0_2-stable has been updated
       via  a1eef756cc1948ed4d1f175d97367aa2b24d962d (commit)
      from  b8c75aab217842e527bd6dbe21d1908484edfb03 (commit)

- Log -----------------------------------------------------------------
commit a1eef756cc1948ed4d1f175d97367aa2b24d962d
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed May 4 16:09:06 2016 +0100

    Fix name length limit check.
    The name length limit check in x509_name_ex_d2i() includes
    the containing structure as well as the actual X509_NAME. This will
    cause large CRLs to be rejected.
    Fix by limiting the length passed to ASN1_item_ex_d2i() which will
    then return an error if the passed X509_NAME exceeds the length.
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff)


Summary of changes:
 crypto/asn1/x_name.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index a858c29..26378fd 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -199,10 +199,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
     int i, j, ret;
     STACK_OF(X509_NAME_ENTRY) *entries;
     X509_NAME_ENTRY *entry;
-    if (len > X509_NAME_MAX) {
-        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
-        return 0;
-    }
+    if (len > X509_NAME_MAX)
+        len = X509_NAME_MAX;
     q = p;
     /* Get internal representation of Name */

More information about the openssl-commits mailing list