- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob

diff --git a/ChangeLog b/ChangeLog
index a4a2172..5f51ff0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -52,6 +52,7 @@
    * Prevent reading over buffer boundaries on X509 certificate parsing
    * mpi_add_abs() now correctly handles adding short numbers to long numbers
      with carry rollover (found by Ruslan Yushchenko)
+   * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
 
 Security
    * Fixed potential memory corruption on miscrafted client messages (found by
diff --git a/library/x509parse.c b/library/x509parse.c
index 3513f1b..3968666 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -1134,7 +1134,7 @@
 {
     int ret;
     size_t len;
-    unsigned char *p, *end;
+    unsigned char *p, *end, *crt_end;
 
     /*
      * Check for valid input
@@ -1168,13 +1168,14 @@
         return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
     }
 
-    if( len != (size_t) ( end - p ) )
+    if( len > (size_t) ( end - p ) )
     {
         x509_free( crt );
         return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
                 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
     }
-
+    crt_end = p + len;
+    
     /*
      * TBSCertificate  ::=  SEQUENCE  {
      */
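Review bot: The relaxed check `if( len > (size_t) ( end - p ) )` now tolerates any bytes after the outer SEQUENCE, not only OpenSSL trust extensions, and nothing in the code says this is intentional. A comment above the check would record the relaxation, e.g. `/* Data after the certificate (e.g. OpenSSL trust extensions) is tolerated and ignored */`. The added line after `crt_end = p + len;` also consists only of trailing whitespace. The enclosing function starts and ends outside this hunk.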
@@ -1344,7 +1345,7 @@
                 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
     }
 
-    end = crt->raw.p + crt->raw.len;
+    end = crt_end;
 
     /*
      *  signatureAlgorithm   AlgorithmIdentifier,
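Review bot: `crt->raw.len` is left untouched by `end = crt_end;`, and since the removed line used `crt->raw.p + crt->raw.len` as the end marker, it appears to still span the whole input, including the trailing bytes that are now accepted. If code outside this hunk hashes, compares or re-exports `crt->raw`, that unparsed, caller-supplied data would be included. Consider narrowing the stored length where `crt_end` is computed, e.g. `crt->raw.len = crt_end - crt->raw.p;`, assuming `crt->raw.p` points at the start of the DER blob at that point. The function body continues outside the hunk.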