git.ipfire.org Git - thirdparty/openssl.git/commit
Fix name length limit check.
author Dr. Stephen Henson <steve@openssl.org>
Wed, 4 May 2016 15:09:06 +0000 (16:09 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 4 May 2016 16:41:20 +0000 (17:41 +0100)
commit b583c1bd069f6928c3973dc6d6864930f6c4bb3e
tree 9f65ae1228cf97af4e5baeeb2fef33750775a6dd
parent 28dab7cfba522603d88ca95aab16b335060b6c3d
Fix name length limit check.

The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.

Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.

RT#4531

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff)
crypto/asn1/x_name.c
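
The difference between the two checks described in the commit message, as an added C sketch that is not OpenSSL's code: the limit is either compared against the length of the enclosing structure, or used to cap the length handed to the decoder. `DEMO_NAME_LIMIT`, `der_sequence_size`, `parse_name_before`, `parse_name_after` and `demo` are hypothetical names; the 64-byte limit, the toy decoder and the sample buffers are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_NAME_LIMIT 64 /* constructed demo limit, not OpenSSL's value */

/* Toy decoder: accepts only a SEQUENCE with a two-byte long-form length
 * (30 82 hh ll). Returns its encoded size, or -1 if it does not fit in len. */
static long der_sequence_size(const unsigned char *in, long len)
{
    long body;
    if (len < 4 || in[0] != 0x30 || in[1] != 0x82)
        return -1;
    body = ((long)in[2] << 8) | in[3];
    return body <= len - 4 ? 4 + body : -1;
}

/* Before: `len` is what remains of the enclosing structure, so the limit
 * is applied to the container rather than to the name. */
long parse_name_before(const unsigned char *in, long len)
{
    return len > DEMO_NAME_LIMIT ? -1 : der_sequence_size(in, len);
}

/* After: cap the length handed to the decoder; a name larger than the cap
 * no longer fits, and the decoder itself reports the error. */
long parse_name_after(const unsigned char *in, long len)
{
    return der_sequence_size(in, len > DEMO_NAME_LIMIT ? DEMO_NAME_LIMIT : len);
}

/* Constructed input: a name with `body` content bytes followed by `trailing`
 * bytes of other container data (standing in for a CRL's revoked list). */
long demo(int after, long body, long trailing)
{
    static unsigned char buf[4096];
    long total = 4 + body + trailing;
    if (body < 0 || trailing < 0 || total > (long)sizeof buf)
        return -2;
    memset(buf, 0, sizeof buf);
    buf[0] = 0x30; buf[1] = 0x82;
    buf[2] = (unsigned char)(body >> 8); buf[3] = (unsigned char)body;
    return after ? parse_name_after(buf, total) : parse_name_before(buf, total);
}

int main(void)
{
    printf("before=%ld after=%ld\n", demo(0, 10, 2000), demo(1, 10, 2000));
    return 0;
}
```

The size bound on the name is still enforced in the capped version: a name whose own encoding exceeds the limit fails in the decoder, while a small name inside a large container is accepted.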