fixes in the certificate extensions handling code.

Bugs reported by Neil Spring <nspring@saavie.org>

2 files changed, 12 insertions, 5 deletions

diff --git a/lib/x509_asn1.c b/lib/x509_asn1.c
index ae3295131b..3bea2f5564 100755
--- a/lib/x509_asn1.c
+++ b/lib/x509_asn1.c
@@ -187,8 +187,10 @@ _asn1_remove_node(node_asn *node)
 
   if(node==NULL) return;
 
-  gnutls_free(node->name);
-  gnutls_free(node->value);
+  if (node->name!=NULL)
+	  gnutls_free(node->name);
+  if (node->value!=NULL)
+	  gnutls_free(node->value);
   gnutls_free(node);
 }
 
diff --git a/lib/x509_extensions.c b/lib/x509_extensions.c
index 16a34bd32d..d4978c3230 100644
--- a/lib/x509_extensions.c
+++ b/lib/x509_extensions.c
@@ -207,7 +207,7 @@ int _gnutls_get_ext_type( node_asn *rasn, char *root, gnutls_cert *cert)
 	char str[1024];
 	char critical[10];
 	char extnID[128];
-	char extnValue[128];
+	char extnValue[512];
 
 	k = 0;
 	do {
@@ -261,12 +261,17 @@ int _gnutls_get_ext_type( node_asn *rasn, char *root, gnutls_cert *cert)
 			result = asn1_read_value( rasn, name2, extnValue, &len);
 
 			if (result==ASN_ELEMENT_NOT_FOUND) break;
-			else
+			else {
+				if (result==ASN_MEM_ERROR && strcmp(critical, "TRUE")==0) {
+					_gnutls_log("Cannot parse extension: %s. Too small buffer.", extnID);
+					continue;
+				}
 				if (result != ASN_OK) {
 					gnutls_assert();
 					return GNUTLS_E_ASN1_PARSING_ERROR;
 				}
-
+			}
+			
 			/* Handle Extension */
 			if ( (result=_parse_extension( cert, extnID, critical, extnValue, len)) < 0) {
 				gnutls_assert();