From b583c1bd069f6928c3973dc6d6864930f6c4bb3e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 4 May 2016 16:09:06 +0100
Subject: [PATCH] Fix name length limit check.
The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.
Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.
RT#4531
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff)
---
crypto/asn1/x_name.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index a858c29..26378fd 100644
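--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -199,10 +199,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
 int i, j, ret;
 STACK_OF(X509_NAME_ENTRY) *entries;
 X509_NAME_ENTRY *entry;
- if (len > X509_NAME_MAX) {
- ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
- return 0;
- }
+ if (len > X509_NAME_MAX)
+ len = X509_NAME_MAX;
 q = p;
 
 /* Get internal representation of Name */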
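Review bot: The clamp `if (len > X509_NAME_MAX) len = X509_NAME_MAX;` carries no comment, and on its own it reads like silent truncation of untrusted input rather than a deliberate bound on how much the decoder may consume. I would add above it `/* len may include the enclosing structure: cap what the decoder may read so only an oversized X509_NAME itself fails */`. With the explicit `ASN1_R_TOO_LONG` error removed, an over-long name is now rejected only through whatever error ASN1_item_ex_d2i() raises when the encoding runs past the capped length, which is presumably less specific for anyone triaging parse failures in logs. That call sits outside the hunk, so it is worth confirming that the failure path still rejects the name and releases any partially built state. The body of x509_name_ex_d2i() starts before and continues beyond this hunk.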
--
2.8.1