authorNikos Mavrogiannopoulos <nmav@gnutls.org>2014-05-17 15:04:16 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2014-05-17 15:04:16 +0200
commit1bfc095bbf9545c194dce2f74df71a3fe38f64e5 (patch)
tree310b7211e6a553cc9a7600cca6b922cda5541b5b
parent14c10e7aec930f2c02951da0d3f82fbfb9939ebd (diff)
downloadgnutls-1bfc095bbf9545c194dce2f74df71a3fe38f64e5.tar.gz
backported signature checks.
-rw-r--r--lib/x509/common.c4
-rw-r--r--lib/x509/x509.c5
2 files changed, 5 insertions, 4 deletions
diff --git a/lib/x509/common.c b/lib/x509/common.c
index f761b25921..45f2377bf6 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1626,7 +1626,7 @@ _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
gnutls_datum_t * signature)
{
int result, len;
- unsigned int bits;
+ int bits;
signature->data = NULL;
signature->size = 0;
@@ -1644,7 +1644,7 @@ _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
}
bits = len;
- if (bits % 8 != 0)
+ if (bits % 8 != 0 || bits < 8)
{
gnutls_assert ();
result = GNUTLS_E_CERTIFICATE_ERROR;
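Review bot: The new `bits < 8` guard in _gnutls_x509_get_signature rejects a negative length only because `bits` was changed to `int` in the previous hunk, and nothing in the code records that dependency. If someone later restores `unsigned int`, a negative `len` would wrap to a large value and could pass both tests. I would add a comment above the check, for example `/* bits must stay signed: this rejects an empty or negative signature length */`. The same check in gnutls_x509_crt_get_signature (lib/x509/x509.c, the `@@ -608,7` hunk) deserves the same comment. The body of the `if` continues outside this hunk.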
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index f8d378285d..bbac525642 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -590,7 +590,7 @@ gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
char *sig, size_t * sizeof_sig)
{
int result;
- unsigned int bits;
+ int bits;
int len;
if (cert == NULL)
@@ -608,7 +608,7 @@ gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
}
bits = len;
- if (bits % 8 != 0)
+ if (bits % 8 != 0 || bits < 8)
{
gnutls_assert ();
return GNUTLS_E_CERTIFICATE_ERROR;
@@ -628,6 +628,7 @@ gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
gnutls_assert ();
return _gnutls_asn2err (result);
}
+ *sizeof_sig = len;
return 0;
}
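Review bot: `*sizeof_sig = len;` may report the signature length in bits rather than bytes. Earlier in this function the value written to `len` by the length query is treated as a bit count (`bits = len;` followed by the `% 8` test). The read that precedes this hunk is not visible here, so this needs confirming against the full function. If `len` is still in bits at this point, callers receive a size eight times too large and may read past the data actually written to `sig`. Assigning `*sizeof_sig = bits / 8;` would keep the out-parameter in bytes.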