From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 24 Mar 2020 14:29:34 +0000 (+0100)
Subject: Properly compare DNs when checking sorting
X-Git-Tag: 3.6.14~36^2~1
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=bbf7ed8b122b30c9951b11cb2e8c966769754147;p=thirdparty%2Fgnutls.git

Properly compare DNs when checking sorting

We might want to do other things than a simple memcmp() so make sure
we're using the right helper when comparing DNs.

Signed-off-by: Pierre Ossman <ossman@cendio.se>
---

diff --git a/lib/x509/common.c b/lib/x509/common.c
index fbc7cc975f..c8ea6657c7 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1809,29 +1809,20 @@ gnutls_x509_crt_t *_gnutls_sort_clist(gnutls_x509_crt_t
 
 int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr)
 {
-	void *prev_dn = NULL;
-	void *dn;
-	size_t prev_dn_size = 0, dn_size;
 	int i, ret;
 
 	/* check if the X.509 list is ordered */
 	if (nr > 1) {
 		for (i = 0; i < nr; i++) {
 			if (i > 0) {
-				dn = crt[i]->raw_dn.data;
-				dn_size = crt[i]->raw_dn.size;
-
-				if (dn_size != prev_dn_size
-				    || memcmp(dn, prev_dn, dn_size) != 0) {
+				if (!_gnutls_x509_compare_raw_dn(&crt[i]->raw_dn,
+				                                 &crt[i-1]->raw_issuer_dn)) {
 					ret =
 					    gnutls_assert_val
 					    (GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
 					goto cleanup;
 				}
 			}
-
-			prev_dn = crt[i]->raw_issuer_dn.data;
-			prev_dn_size = crt[i]->raw_issuer_dn.size;
 		}
 	}
 	ret = 0;