x509: Make sure the status in OCSP responses has the correct length

author Tobias Brunner <tobias@strongswan.org>

Fri, 24 Nov 2023 13:49:24 +0000 (14:49 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Fri, 24 Nov 2023 16:41:18 +0000 (17:41 +0100)
author Tobias Brunner <tobias@strongswan.org>
Fri, 24 Nov 2023 13:49:24 +0000 (14:49 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 24 Nov 2023 16:41:18 +0000 (17:41 +0100)
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c

index 245b3fac3c9a0dab400365548627f0dac8f905f1..820e4ceba2b258427471690fff44bea67879f206 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -827,6 +827,10 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this)
                 switch (objectID)
                 {
                         case OCSP_RESPONSE_STATUS:
+                               if (object.len != 1)
+                               {
+                                       goto end;
+                               }
                                 this->ocsp_status = (ocsp_status_t)*object.ptr;
                                 switch (this->ocsp_status)
                                 {
author	Tobias Brunner <tobias@strongswan.org>
	Fri, 24 Nov 2023 13:49:24 +0000 (14:49 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Fri, 24 Nov 2023 16:41:18 +0000 (17:41 +0100)