diff options
author | Simon Josefsson <simon@josefsson.org> | 2009-08-31 20:59:14 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2009-08-31 20:59:14 +0200 |
commit | 4c439e1cae52209bb74df9a091d04f85de2223de (patch) | |
tree | 5936c03eca0e34153a7974ba17dd325a265e8983 | |
parent | 3ebf20c5b4c5eb66f89952bd404850d160541adf (diff) | |
download | gnutls-4c439e1cae52209bb74df9a091d04f85de2223de.tar.gz |
Handle XMPP SANs properly.
Reported by Howard Chu <hyc@symas.com> in
<https://savannah.gnu.org/support/?106975>.
-rw-r--r-- | lib/x509/x509.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 2fa3c6b9c4..a65626b9b3 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -1012,6 +1012,7 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, if (len > strlen (XMPP_OID) && strcmp (oid, XMPP_OID) == 0) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + size_t orig_name_size = *name_size; result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.XmppAddr", &c2); @@ -1029,15 +1030,27 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, return _gnutls_asn2err (result); } + len = *name_size; result = asn1_read_value (c2, "", name, &len); - *name_size = len; if (result != ASN1_SUCCESS) { gnutls_assert (); asn1_delete_structure (&c2); + *name_size = len + 1; return _gnutls_asn2err (result); } asn1_delete_structure (&c2); + + if (len + 1 > orig_name_size) + { + gnutls_assert (); + *name_size = len + 1; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + *name_size = len; + /* null terminate it */ + ((char *) name)[*name_size] = 0; } } } |