diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-01-03 01:40:22 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-01-03 01:40:22 +0000 |
commit | f4a4a0fdc7843c927f23113771e8cdbf4d05089a (patch) | |
tree | 49f1e8ef4da6c47594fe15453b34b0fa6f4c67e9 /crypto | |
parent | 9ad765173f6fbeedf17cb231d58e3abd6ce36b53 (diff) | |
download | openssl-new-f4a4a0fdc7843c927f23113771e8cdbf4d05089a.tar.gz |
PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509v3/v3_addr.c | 6 | ||||
-rw-r--r-- | crypto/x509v3/v3_asid.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index efdf7c3ba7..d97944f848 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -177,12 +177,18 @@ static int i2r_address(BIO *out, unsigned char addr[ADDR_RAW_BUF_LEN]; int i, n; + if (bs->length < 0) + return 0; switch (afi) { case IANA_AFI_IPV4: + if (bs->length > 4) + return 0; addr_expand(addr, bs, 4, fill); BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); break; case IANA_AFI_IPV6: + if (bs->length > 16) + return 0; addr_expand(addr, bs, 16, fill); for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) ; diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index eba479665e..cff04a3558 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -372,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) int v3_asid_is_canonical(ASIdentifiers *asid) { return (asid == NULL || - (ASIdentifierChoice_is_canonical(asid->asnum) || + (ASIdentifierChoice_is_canonical(asid->asnum) && ASIdentifierChoice_is_canonical(asid->rdi))); } |