authorSimon Josefsson <simon@josefsson.org>2006-09-12 13:42:12 +0000
committerSimon Josefsson <simon@josefsson.org>2006-09-12 13:42:12 +0000
commitf949320f9fd4e8acafdf65485a3f36898c425a4a (patch)
treebd4909c8cb9cc68a57019926730eb3f8efd9c4a3
parent928a2bff06e343243be7acb902a96814a25099e1 (diff)
downloadgnutls-f949320f9fd4e8acafdf65485a3f36898c425a4a.tar.gz
Permit empty parameters field too, found after adding self tests.
-rw-r--r--lib/x509/verify.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 853d4ade41..b8080333ba 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -507,11 +507,15 @@ decode_ber_digest_info (const gnutls_datum_t * info,
len = sizeof (str) - 1;
result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
- if (result != ASN1_ELEMENT_NOT_FOUND)
+ /* To avoid permitting garbage in the parameters field, either the
+ parameters field is not present, or it contains 0x05 0x00. */
+ if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+ (result == ASN1_SUCCESS && len == 2 &&
+ str[0] == 0x05 && str[1] == 0x00)))
{
gnutls_assert ();
asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
}
result = asn1_read_value (dinfo, "digest", digest, digest_size);
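Review bot: The tightened test on `digestAlgorithm.parameters` closes only one place where signer-chosen bytes can hide in the DigestInfo. The visible lines do not show whether the decode also rejects bytes left over in `info` after the structure, or whether the length returned by the following `asn1_read_value (dinfo, "digest", digest, digest_size)` is compared with the output size of the hash named by the algorithm OID. Both checks belong next to this one if they are not already made elsewhere in `decode_ber_digest_info`, whose body starts and ends outside the hunk. The failure branch also drops the libtasn1 result, so a read error and a well-formed but non-NULL parameters value now look the same to the caller. If that uniform failure is intended, record it in the comment, e.g. `/* Any other result, including a read error, is reported as one generic error. */`.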