From 16bdf9c11b823069768d00a7135bafe7ab3117af Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 26 May 2015 22:12:19 +0200
Subject: Check the OID size for match when comparing for the OCSP nonce extension
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reported by Hanno Böck.
---
 lib/x509/ocsp_output.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'lib')
diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c
index 20fe7de70d..d96ebc0587 100644
--- a/lib/x509/ocsp_output.c
+++ b/lib/x509/ocsp_output.c
@@ -112,7 +112,8 @@ static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_t req)
 if (indx == 0) adds(str, "\tExtensions:\n");
- if (memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
+ if (oid.size == sizeof(GNUTLS_OCSP_NONCE) &&
+ memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
 gnutls_datum_t nonce;
 unsigned int critical;
@@ -469,7 +470,8 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
 continue;
 }
- if (memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
+ if (oid.size == sizeof(GNUTLS_OCSP_NONCE) &&
+ memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
 gnutls_datum_t nonce;
 unsigned int critical;
-- cgit v1.2.1
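Review bot: `sizeof(GNUTLS_OCSP_NONCE)` in the new size check in print_req counts the terminating NUL if the macro expands to a string literal, so the nonce branch is taken only when `oid.size` also includes a terminator. The macro's definition and the code that fills `oid` are outside these hunks, so this needs confirming against them. If the size reported for the extension OID is the string length, the condition never matches and a nonce extension is presumably handled as an unknown one; the first line would then need to be `if (oid.size == sizeof(GNUTLS_OCSP_NONCE) - 1 &&`. The identical condition added in the print_resp hunk needs the same answer, and a short comment at both comparisons stating whether `oid.size` includes the trailing NUL would keep the two from drifting apart. Both function bodies start and end outside the hunks.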