Correctly handle CertificateRequest with empty DN list in <= TLS 1.1

commit: 9c94cddeaebd513e72924381ce58d24d740a823c [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Tue Jan 22 13:45:33 2013 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Jan 22 14:21:49 2013 +0100
tree: 1fe38045d6a34bcad6d8b1aa93491acb0a6b97ab
parent: f626e1dd28466543d9704b5f0374a61f66e3f587 [diff] [blame]
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index a716710..42ddf41 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -894,7 +894,7 @@
 {
     int ret;
     unsigned char *buf, *p;
-    size_t n = 0;
+    size_t n = 0, m = 0;
     size_t cert_type_len = 0, sig_alg_len = 0, dn_len = 0;
 
     SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
@@ -976,6 +976,7 @@
                       | ( buf[6 + n]       ) );
 
         p = buf + 7 + n;
+        m += 2;
         n += sig_alg_len;
 
         if( ssl->in_hslen < 6 + n )
@@ -985,11 +986,11 @@
         }
     } 
 
-    dn_len = ( ( buf[7 + n] <<  8 )
-             | ( buf[8 + n]       ) );
+    dn_len = ( ( buf[5 + m + n] <<  8 )
+             | ( buf[6 + m + n]       ) );
 
     n += dn_len;
-    if( ssl->in_hslen != 9 + n )
+    if( ssl->in_hslen != 7 + m + n )
     {
         SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
         return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
commit	9c94cddeaebd513e72924381ce58d24d740a823c	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Tue Jan 22 13:45:33 2013 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Jan 22 14:21:49 2013 +0100
tree	1fe38045d6a34bcad6d8b1aa93491acb0a6b97ab
parent	f626e1dd28466543d9704b5f0374a61f66e3f587 [diff] [blame]