Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
(cherry picked from commit b00ca42f2a26133172d9df9304bfbc9b093a43dc)
Conflicts:
ChangeLog (Moved message to 'Branch 1.1')
diff --git a/ChangeLog b/ChangeLog
index 4282956..444311f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@
= Branch 1.1
Bugfix
* Fixed MPI assembly for SPARC64 platform
+ * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
Security
* Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
diff --git a/library/x509parse.c b/library/x509parse.c
index 25df0f7..c9aa738 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -1018,7 +1018,7 @@
{
int ret;
size_t len;
- unsigned char *p, *end;
+ unsigned char *p, *end, *crt_end;
/*
* Check for valid input
@@ -1052,13 +1052,14 @@
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
}
- if( len != (size_t) ( end - p ) )
+ if( len > (size_t) ( end - p ) )
{
x509_free( crt );
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
-
+ crt_end = p + len;
+
/*
* TBSCertificate ::= SEQUENCE {
*/
@@ -1228,7 +1229,7 @@
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
- end = crt->raw.p + crt->raw.len;
+ end = crt_end;
/*
* signatureAlgorithm AlgorithmIdentifier,