diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-04-20 14:04:37 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-04-20 14:09:03 +0200 |
| commit | 1f3f0b5fe56b6b59c531d81b4790c32fdb880410 (patch) | |
| tree | 5d5ac8b56c3d69a5715bc6f2e64f4fc0468bd49c | |
| parent | 872d5e5c97929b3df31fb6913d11ce78d6787a3b (diff) | |
| download | gnutls-1f3f0b5fe56b6b59c531d81b4790c32fdb880410.tar.gz | |
Check for invalid length in the X.509 version field
If such an invalid length is detected, reject the certificate.
Reported by Hanno Böck.
| -rw-r--r-- | lib/x509/x509.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 4416be0f66..eb59e1975b 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -344,7 +344,13 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, } /* enforce the rule that only version 3 certificates carry extensions */ - version = gnutls_x509_crt_get_version(cert); + result = gnutls_x509_crt_get_version(cert); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + version = result; if (version < 3) { gnutls_datum_t exts; result = _gnutls_x509_get_raw_field2(cert->cert, &cert->der, @@ -738,6 +744,9 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert) return _gnutls_asn2err(result); } + if (len == 0) + return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR); + return (int) version[0] + 1; } |