diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-07-06 22:58:42 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-07-06 23:13:52 +0200 |
commit | a9e8c57218e9e29186130836aada2f21c71b8b7f (patch) | |
tree | 81904521ca859fab76b3eb800895ad0b9761ce7b | |
parent | e3ca73a6fafd1a4dfe4b1a604acbe2a59ebd6218 (diff) | |
download | gnutls-a9e8c57218e9e29186130836aada2f21c71b8b7f.tar.gz |
dane: Added sanity check in dane_verify_crt_raw()
That allows calling the function will an empty chain.
Reported by Simon Arlott.
-rw-r--r-- | libdane/dane.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/libdane/dane.c b/libdane/dane.c index 7d428a5f22..e47178ddf8 100644 --- a/libdane/dane.c +++ b/libdane/dane.c @@ -645,6 +645,9 @@ dane_verify_crt_raw(dane_state_t s, if (chain_type != GNUTLS_CRT_X509) return gnutls_assert_val(DANE_E_INVALID_REQUEST); + if (chain_size == 0) + return gnutls_assert_val(DANE_E_NO_CERT); + *verify = 0; idx = 0; do { |