From: Tobias Brunner Date: Mon, 3 Jun 2013 15:30:40 +0000 (+0200) Subject: Fail DN parsing if OID is unterminated X-Git-Tag: 5.1.0dr1~129^2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1abf22bd04934714bf7f5a544ce65c0bd2118e5;p=thirdparty%2Fstrongswan.git Fail DN parsing if OID is unterminated This is the case if the last OID is not followed by a = or if the string starts with a =.
---
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index f94a1c8bb8..06ec533ea7 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -398,7 +398,7 @@ static status_t atodn(char *src, chunk_t *dn)
 switch (state)
 {
 case SEARCH_OID:
- if (*src != ' ' && *src != '/' && *src != ',')
+ if (*src != ' ' && *src != '/' && *src != ',' && *src != '\0')
 {
 oid.ptr = src;
 oid.len = 1;
@@ -502,6 +502,11 @@ static status_t atodn(char *src, chunk_t *dn)
 }
 } while (*src++ != '\0');
 
+ if (state == READ_OID)
+ { /* unterminated OID */
+ status = INVALID_ARG;
+ }
+
 /* build the distinguished name sequence */
 {
 int i;
@@ -514,7 +519,6 @@ static status_t atodn(char *src, chunk_t *dn)
 free(rdns[i].ptr);
 }
 }
-
 if (status != SUCCESS)
 {
 free(dn->ptr);
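Review bot: The added `*src != '\0'` test in the `SEARCH_OID` case carries no comment, and the reason the terminator must be excluded is not visible from the case itself. The loop condition in the second hunk is `while (*src++ != '\0')`, so the body also runs on the terminating NUL; without this test a string ending in a separator would set `oid.ptr` to the terminator with `oid.len = 1` and, presumably, end in `READ_OID` and be rejected by the new check. I would add `/* the loop also visits the terminating NUL, do not start an OID there */` above the `if`. The `switch` and the rest of `atodn` continue outside the hunk.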
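Review bot: The `state == READ_OID` check after the loop sets `status = INVALID_ARG` but lets execution fall through into the build block, so the rejection depends entirely on the `if (status != SUCCESS)` cleanup visible in the third hunk. A comment saying so, e.g. `/* unterminated OID, dn is released by the cleanup below */`, would keep a later early return or reordering from handing a half-parsed DN back to the caller. The assignment also replaces any failure status the loop may already have set; whether that matters depends on callers outside this hunk, so it is worth confirming that they only compare against `SUCCESS`. The patch adds no test for the two inputs named in the commit message (a last OID with no `=`, and a string starting with `=`), which would be the natural regression cases for an identity parser.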