authorNikos Mavrogiannopoulos <nmav@redhat.com>2015-04-20 14:04:37 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2015-04-20 14:09:03 +0200
commit1f3f0b5fe56b6b59c531d81b4790c32fdb880410 (patch)
tree5d5ac8b56c3d69a5715bc6f2e64f4fc0468bd49c
parent872d5e5c97929b3df31fb6913d11ce78d6787a3b (diff)
downloadgnutls-1f3f0b5fe56b6b59c531d81b4790c32fdb880410.tar.gz
Check for invalid length in the X.509 version field
If such an invalid length is detected, reject the certificate. Reported by Hanno Böck.
-rw-r--r--lib/x509/x509.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 4416be0f66..eb59e1975b 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -344,7 +344,13 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert,
}
/* enforce the rule that only version 3 certificates carry extensions */
- version = gnutls_x509_crt_get_version(cert);
+ result = gnutls_x509_crt_get_version(cert);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ version = result;
if (version < 3) {
gnutls_datum_t exts;
result = _gnutls_x509_get_raw_field2(cert->cert, &cert->der,
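Review bot: The new error path covers only negative returns, so a version above 3 still passes `if (version < 3)` and is treated like a v3 certificate. X.509 defines only versions 1 to 3, so unless something later in gnutls_x509_crt_import already rejects other values, a bound check may be worth adding next to the new one, for example `if (version > 3) { gnutls_assert(); result = GNUTLS_E_CERTIFICATE_ERROR; goto cleanup; }`. The function body starts and ends outside the hunk, so neither the `cleanup` label nor any later version check is visible; this assumes `cleanup` returns `result`.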
@@ -738,6 +744,9 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert)
return _gnutls_asn2err(result);
}
+ if (len == 0)
+ return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+
return (int) version[0] + 1;
}
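Review bot: The added `if (len == 0)` guard rejects an empty version field but still accepts one longer than a single byte, where only `version[0]` is used and the remaining bytes are silently ignored. A first byte of 0x80 or above would also be returned as a large positive version, even though it encodes a negative DER INTEGER. A stricter guard such as `if (len != 1 || version[0] >= 0x80) return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);` would reject both cases. The declarations of `version` and `len` are outside the hunk, so this assumes `version` is an unsigned byte buffer.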