From: Nikos Mavrogiannopoulos Date: Mon, 20 Apr 2015 12:04:37 +0000 (+0200) Subject: Check for invalid length in the X.509 version field X-Git-Tag: gnutls_3_4_1~60 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=684c7b3582001da7a9f77fff162fa12b2c678446;p=thirdparty%2Fgnutls.git Check for invalid length in the X.509 version field If such an invalid length is detected, reject the certificate. Reported by Hanno Böck. --- diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 8e5948becf..d4df162712 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -347,7 +347,13 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, } /* enforce the rule that only version 3 certificates carry extensions */ - version = gnutls_x509_crt_get_version(cert); + result = gnutls_x509_crt_get_version(cert); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + version = result; if (version < 3) { gnutls_datum_t exts; result = _gnutls_x509_get_raw_field2(cert->cert, &cert->der, @@ -741,6 +747,9 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert) return _gnutls_asn2err(result); } + if (len == 0) + return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR); + return (int) version[0] + 1; }