dane: Added sanity check in dane_verify_crt_raw()

That allows calling the function will an empty chain. Reported by Simon Arlott.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-07-06 22:58:42 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-07-06 23:13:52 +0200
commit: a9e8c57218e9e29186130836aada2f21c71b8b7f (patch)
tree: 81904521ca859fab76b3eb800895ad0b9761ce7b
parent: e3ca73a6fafd1a4dfe4b1a604acbe2a59ebd6218 (diff)
download: gnutls-a9e8c57218e9e29186130836aada2f21c71b8b7f.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libdane/dane.c b/libdane/dane.c
index 7d428a5f22..e47178ddf8 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -645,6 +645,9 @@ dane_verify_crt_raw(dane_state_t s,
 	if (chain_type != GNUTLS_CRT_X509)
 		return gnutls_assert_val(DANE_E_INVALID_REQUEST);
 
+	if (chain_size == 0)
+		return gnutls_assert_val(DANE_E_NO_CERT);
+
 	*verify = 0;
 	idx = 0;
 	do {
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-07-06 22:58:42 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-07-06 23:13:52 +0200
commit	a9e8c57218e9e29186130836aada2f21c71b8b7f (patch)
tree	81904521ca859fab76b3eb800895ad0b9761ce7b
parent	e3ca73a6fafd1a4dfe4b1a604acbe2a59ebd6218 (diff)
download	gnutls-a9e8c57218e9e29186130836aada2f21c71b8b7f.tar.gz