From 9c4846cdbe61af324f44f7e59a9e209fef112157 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 24 Nov 2023 14:49:24 +0100 Subject: [PATCH] x509: Make sure the status in OCSP responses has the correct length --- src/libstrongswan/plugins/x509/x509_ocsp_response.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 245b3fac3c..820e4ceba2 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -827,6 +827,10 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this) switch (objectID) { case OCSP_RESPONSE_STATUS: + if (object.len != 1) + { + goto end; + } this->ocsp_status = (ocsp_status_t)*object.ptr; switch (this->ocsp_status) { -- 2.47.2