diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-05-22 20:43:24 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-05-22 22:34:45 +0200 |
| commit | d8d9a44b22ceb204381718315773ac15be1851ba (patch) | |
| tree | 0b75c1d182dd48821aa47a35535d00d4459423ad | |
| parent | 0a13bc02e5f613dd7fba9eabf73192003e0fcc0d (diff) | |
| download | gnutls-d8d9a44b22ceb204381718315773ac15be1851ba.tar.gz | |
Do not allow null strings to be read from ASN.1 structures.
This corrects a null pointer dereference when parsing some specially
crafted certificates. Issue discovered using the Codenomicon TLS
test suite.
| -rw-r--r-- | lib/x509/common.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/x509/common.c b/lib/x509/common.c index bc9dceec58..7a038341ba 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -1003,6 +1003,11 @@ _gnutls_x509_read_value(ASN1_TYPE c, const char *root, unsigned int etype; result = asn1_read_value_type(c, root, NULL, &len, &etype); + if (result == 0 && len == 0) { + /* don't allow null strings */ + return gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR); + } + if (result != ASN1_MEM_ERROR) { gnutls_assert(); result = _gnutls_asn2err(result); |