diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-08-27 17:03:09 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-08-27 17:03:09 +0200 |
| commit | c089e019ef83a77b2fdca24d0875ef25f6b38f1a (patch) | |
| tree | 92739d64ade101ab556d2ea8cc51499455baa456 | |
| parent | 5535cafa6b73c692c3181027f2050e9f3f249c79 (diff) | |
| download | gnutls-c089e019ef83a77b2fdca24d0875ef25f6b38f1a.tar.gz | |
ocsp: corrected the comparison of the serial size in OCSP response
Previously the OCSP certificate check wouldn't verify the serial length
and could succeed in cases it shouldn't.
Reported by Stefan Buehler.
| -rw-r--r-- | lib/x509/ocsp.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 4ddaed8d2b..4133e2381f 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c @@ -1257,6 +1257,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp, gnutls_assert(); goto cleanup; } + cserial.size = t; if (rserial.size != cserial.size || memcmp(cserial.data, rserial.data, rserial.size) != 0) { |