authorSimon Josefsson <simon@josefsson.org>2006-09-12 13:11:23 +0000
committerSimon Josefsson <simon@josefsson.org>2006-09-12 13:11:23 +0000
commitb463a58f0b6f5bc41922791eae1fa2f1eaf2fbe4 (patch)
treeba3015247bbbf4d30ae82899590be76f10aa4472 /lib/x509/verify.c
parentba75867707bf6c22e5abb58464d352b1f8523d07 (diff)
Permit empty parameters field too, found after adding self tests.
Diffstat (limited to 'lib/x509/verify.c')
-rw-r--r--lib/x509/verify.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 853d4ade41..b8080333ba 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -507,11 +507,15 @@ decode_ber_digest_info (const gnutls_datum_t * info,
len = sizeof (str) - 1;
result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
- if (result != ASN1_ELEMENT_NOT_FOUND)
+ /* To avoid permitting garbage in the parameters field, either the
+ parameters field is not present, or it contains 0x05 0x00. */
+ if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+ (result == ASN1_SUCCESS && len == 2 &&
+ str[0] == 0x05 && str[1] == 0x00)))
{
gnutls_assert ();
asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
}
result = asn1_read_value (dinfo, "digest", digest, digest_size);
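Review bot: The rejection branch now returns `GNUTLS_E_ASN1_GENERIC_ERROR` for every failure, so a real libtasn1 error from `asn1_read_value` (for example the parameters not fitting in `str`) can no longer be told apart from a well-formed but non-NULL parameters field; `return result == ASN1_SUCCESS ? GNUTLS_E_ASN1_GENERIC_ERROR : _gnutls_asn2err (result);` would keep the specific code while still never returning success on this path. The exact-match test is the part that matters for signature verification, because any bytes tolerated in `digestAlgorithm.parameters` are bytes that whoever produced the DigestInfo gets to choose, so it should not be loosened to a prefix or length-only check. The comment would read better if it named the two bytes, e.g. `/* ... or it is the DER encoding of ASN.1 NULL (tag 0x05, length 0x00). */`; the commit title's "empty" appears to mean that NULL. decode_ber_digest_info starts and ends outside the hunk, so whether trailing data after the DigestInfo is rejected cannot be confirmed from here.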