[crypto] Check that common name contains no NUL characters

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 3261b8eb686b9a6dfeeb1498bade4cb652074670..356b60a368998105f881f0a4f6840bbb06111e7a 100644 (file)
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -575,6 +575,15 @@ static int x509_parse_common_name ( struct x509_certificate *cert, char **name,
                if ( ! *name )
                        return -ENOMEM;
                memcpy ( *name, name_cursor.data, name_cursor.len );
+
+               /* Check that name contains no NULs */
+               if ( strlen ( *name ) != name_cursor.len ) {
+                       DBGC ( cert, "X509 %p contains malicious commonName:\n",
+                              cert );
+                       DBGC_HDA ( cert, 0, raw->data, raw->len );
+                       return rc;
+               }
+
                return 0;
        }