Fix potential stack overflow

ChangeLog

@@ -9,6 +9,9 @@ Security
    * Fix remotely-triggerable memory leak caused by crafted X.509 certificates
      (TLS server is not affected if it doesn't ask for a client certificate)
      (found using Codenomicon Defensics).
+   * Fix potential stack overflow while parsing crafted X.509 certificates
+     (TLS server is not affected if it doesn't ask for a client certificate)
+     found using Codenomicon Defensics).
 
 Changes
    * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.

library/x509parse.c

@@ -296,6 +296,9 @@ static int x509_get_name( unsigned char **p,
     size_t set_len;
     const unsigned char *end_set;
 
+    /* don't use recursion, we'd risk stack overflow if not optimized */
+    while( 1 )
+    {
         /*
          * parse first SET, restricted to 1 element
          */
@@ -312,20 +315,20 @@ static int x509_get_name( unsigned char **p,
             return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
 
         /*
-     * recurse until end of SEQUENCE is reached
+         * continue until end of SEQUENCE is reached
          */
         if( *p == end )
             return( 0 );
 
-    cur->next = (x509_name *) malloc(
+        cur->next = (x509_name *) malloc( sizeof( x509_name ) );
-         sizeof( x509_name ) );
 
         if( cur->next == NULL )
             return( POLARSSL_ERR_X509_MALLOC_FAILED );
 
         memset( cur->next, 0, sizeof( x509_name ) );
 
-    return( x509_get_name( p, end, cur->next ) );
+        cur = cur->next;
+    }
 }
 
 /*