Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob

(cherry picked from commit b00ca42f2a)

Conflicts:
	ChangeLog (Moved message to 'Branch 1.1')
Paul Bakker 2013-01-14 16:40:55 +01:00
parent a4ed0c9a76
commit 47f626184c
2 changed files with 6 additions and 4 deletions


@ -3,6 +3,7 @@ PolarSSL ChangeLog
= Branch 1.1
Bugfix
* Fixed MPI assembly for SPARC64 platform
* Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
Security
* Fixed potential memory zeroization on miscrafted RSA key (found by Eloi


@ -1018,7 +1018,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
{
int ret;
size_t len;
unsigned char *p, *end;
unsigned char *p, *end, *crt_end;
/*
* Check for valid input
@ -1052,13 +1052,14 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
}
if( len != (size_t) ( end - p ) )
if( len > (size_t) ( end - p ) )
{
x509_free( crt );
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
crt_end = p + len;
/*
* TBSCertificate ::= SEQUENCE {
*/
@ -1228,7 +1229,7 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
end = crt->raw.p + crt->raw.len;
end = crt_end;
/*
* signatureAlgorithm AlgorithmIdentifier,
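Review bot: Relaxing the check to `len > (size_t) ( end - p )` lets any bytes after the outer Certificate SEQUENCE pass unparsed, but nothing in the visible hunks shrinks `crt->raw` to match. The removed line `end = crt->raw.p + crt->raw.len;` suggests `crt->raw.len` still spans the whole input buffer, so code that hashes, compares or re-emits `crt->raw` would include the trailing trust-extension bytes, or any other appended data. Unless this is adjusted elsewhere in x509parse_crt_der, whose body runs outside these hunks, consider adding `crt->raw.len = crt_end - crt->raw.p;` right after `crt_end = p + len;`. A short comment at the same spot should state that data following the certificate is deliberately ignored, so the looser length check is not mistaken for an oversight.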