If such an invalid length is detected, reject the certificate.
Reported by Hanno Böck.
}
/* enforce the rule that only version 3 certificates carry extensions */
- version = gnutls_x509_crt_get_version(cert);
+ result = gnutls_x509_crt_get_version(cert);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ version = result;
if (version < 3) {
gnutls_datum_t exts;
result = _gnutls_x509_get_raw_field2(cert->cert, &cert->der,
return _gnutls_asn2err(result);
}
+ if (len == 0)
+ return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+
return (int) version[0] + 1;
}