author | Simon Josefsson <simon@josefsson.org> | 2006-09-12 13:42:12 +0000 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2006-09-12 13:42:12 +0000 |
commit | f949320f9fd4e8acafdf65485a3f36898c425a4a (patch) | |
tree | bd4909c8cb9cc68a57019926730eb3f8efd9c4a3 | |
parent | 928a2bff06e343243be7acb902a96814a25099e1 (diff) | |
Permit empty parameters field too, found after adding self tests.
-rw-r--r-- | lib/x509/verify.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 853d4ade41..b8080333ba 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -507,11 +507,15 @@ decode_ber_digest_info (const gnutls_datum_t * info,
 len = sizeof (str) - 1;
 result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
- if (result != ASN1_ELEMENT_NOT_FOUND)
+ /* To avoid permitting garbage in the parameters field, either the
+ parameters field is not present, or it contains 0x05 0x00. */
+ if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+ (result == ASN1_SUCCESS && len == 2 &&
+ str[0] == 0x05 && str[1] == 0x00)))
 {
 gnutls_assert ();
 asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
 }
 result = asn1_read_value (dinfo, "digest", digest, digest_size);
|
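Review bot: The bytes `0x05 0x00` in the new condition are the DER encoding of an ASN.1 NULL, but the added comment gives only the raw values; I would name it, e.g. `/* 0x05 0x00 = DER NULL (tag 5, length 0), the only parameters value accepted */`, so a later edit does not loosen the comparison. The fixed `GNUTLS_E_ASN1_GENERIC_ERROR` return also deserves a one-line why-comment: on the path where `asn1_read_value` succeeds but the contents are wrong, `result` is `ASN1_SUCCESS`, and the old `_gnutls_asn2err (result)` would presumably not have yielded an error code. The `len == 2` test has to stay ahead of the `str[0]`/`str[1]` reads, since nothing in the hunk shows `str` being initialised beyond what was read. decode_ber_digest_info starts and ends outside the hunk, so whether bytes trailing the DigestInfo are also rejected cannot be checked from here.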