diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-05-26 22:12:19 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-05-26 22:19:00 +0200 |
| commit | 16bdf9c11b823069768d00a7135bafe7ab3117af (patch) | |
| tree | 93239315987ccb3cb4ec52093506022f85886b5a /lib | |
| parent | faed7dea81d44139b1e0fb5ec63a4161b4b78443 (diff) | |
| download | gnutls-16bdf9c11b823069768d00a7135bafe7ab3117af.tar.gz | |
Check the OID size for match when comparing for the OCSP nonce extension
Reported by Hanno Böck.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/x509/ocsp_output.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c index 20fe7de70d..d96ebc0587 100644 --- a/lib/x509/ocsp_output.c +++ b/lib/x509/ocsp_output.c @@ -112,7 +112,8 @@ static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_t req) if (indx == 0) adds(str, "\tExtensions:\n"); - if (memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) { + if (oid.size == sizeof(GNUTLS_OCSP_NONCE) && + memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) { gnutls_datum_t nonce; unsigned int critical; @@ -469,7 +470,8 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_t resp, continue; } - if (memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) { + if (oid.size == sizeof(GNUTLS_OCSP_NONCE) && + memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) { gnutls_datum_t nonce; unsigned int critical; |