Reject negative certificate serial numbers

Thanks to 雷东政 for reporting this.

diff --git a/src/object/certificate.c b/src/object/certificate.c
index 731c9b82c03fbaaa2b857700601fb95a60033c5e..ac5108ee93da5111cfcae1adb97145ac9f61f0d9 100644 (file)
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -139,6 +139,11 @@ validate_serial_number(X509 *cert)
        if (log_val_enabled(LOG_DEBUG))
                debug_serial_number(number);
 
+       if (BN_is_negative(number)) {
+               BN_free(number);
+               return pr_val_err("Serial number is negative.");
+       }
+
        state = state_retrieve();
        x509stack_store_serial(validation_certstack(state), number);
        return 0;