authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-07-28 10:37:00 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-07-28 10:44:53 +0200
commit31ababffacb52d8d0565971349c7eb798cd2ca69 (patch)
tree004f1d3b4662acff68871c6a170d1ec11da6b1d4
parent7ac8069572032c942b45c750d2ff77ad877804d7 (diff)
downloadgnutls-31ababffacb52d8d0565971349c7eb798cd2ca69.tar.gz
x509: parse_tlsfeatures: move limit check at the point of addition
This prevents appending failures when verifying chains on certificates which use the maximum allowed number of features. Suggested by Tim Kosse.
-rw-r--r--lib/x509/x509_ext.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index 4e9af34bed..ab31ac30bd 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -3180,11 +3180,6 @@ static int parse_tlsfeatures(ASN1_TYPE c2, gnutls_x509_tlsfeatures_t f, unsigned
return GNUTLS_E_CERTIFICATE_ERROR;
}
- if (f->size >= sizeof(f->feature)/sizeof(f->feature[0])) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
/* skip duplicates */
for (j=0;j<f->size;j++) {
if (f->feature[j] == feature) {
@@ -3194,6 +3189,11 @@ static int parse_tlsfeatures(ASN1_TYPE c2, gnutls_x509_tlsfeatures_t f, unsigned
}
if (!skip) {
+ if (f->size >= sizeof(f->feature)/sizeof(f->feature[0])) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
indx = f->size;
f->feature[indx] = feature;
f->size++;
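Review bot: The relocated bound check inside `if (!skip)` returns `GNUTLS_E_INTERNAL_ERROR`, yet the condition it catches looks input-driven: if `c2` is decoded from a certificate extension, a chain carrying more distinct features than `f->feature` can hold ends up here and callers see an internal error rather than a rejected certificate. The check that ends at the top of the first hunk returns `GNUTLS_E_CERTIFICATE_ERROR`; consider the same code here, unless callers depend on the current one, so that failures caused by certificate content can be told apart from library faults in logs. A short comment above the check would also record why it sits after the duplicate scan, e.g. `/* only a feature not already present can exceed the array */`. parse_tlsfeatures begins and ends outside the hunk, so the origin of `c2` and how callers handle the return value are not visible here.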