dane: Added sanity check in dane_verify_crt_raw()

That allows calling the function will an empty chain. Reported by Simon Arlott.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-07-06 22:58:42 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-07-06 23:00:14 +0200
commit: 7e2af3d74b54905003aaf02b5aa4117cb1177194 (patch)
tree: 14ceb0517370fd18762d92a58efcc6716158dee2 /libdane
parent: 6975e79daabd9d694713b526f3944bd4cc578263 (diff)
download: gnutls-7e2af3d74b54905003aaf02b5aa4117cb1177194.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libdane/dane.c b/libdane/dane.c
index 50e6dd03eb..88a0b8b4a9 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -646,6 +646,9 @@ dane_verify_crt_raw(dane_state_t s,
 	if (chain_type != GNUTLS_CRT_X509)
 		return gnutls_assert_val(DANE_E_INVALID_REQUEST);
 
+	if (chain_size == 0)
+		return gnutls_assert_val(DANE_E_NO_CERT);
+
 	*verify = 0;
 	idx = 0;
 	do {
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-07-06 22:58:42 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-07-06 23:00:14 +0200
commit	7e2af3d74b54905003aaf02b5aa4117cb1177194 (patch)
tree	14ceb0517370fd18762d92a58efcc6716158dee2 /libdane
parent	6975e79daabd9d694713b526f3944bd4cc578263 (diff)
download	gnutls-7e2af3d74b54905003aaf02b5aa4117cb1177194.tar.gz