Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
diff --git a/ChangeLog b/ChangeLog
index 6d7f1c2..a4f98ce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
is functioning correctly.
* Added a script to print build environment info for diagnostic use in test
scripts, which is also now called by all.sh.
+ * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to
+ configure the maximum length of a file path that can be buffered when
+ calling mbedtls_x509_crt_parse_path().
Bugfix
* Fix for platform time abstraction to avoid dependency issues where a build
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 456ec66..8d7d631 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2569,6 +2569,7 @@
/* X509 options */
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
/* \} name SECTION: Customisation configuration options */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 41b6bfe..383e484 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -120,6 +120,10 @@
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
+#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
+#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
+#endif
+
/**
* Container for writing a certificate (CRT)
*/
diff --git a/library/x509_crt.c b/library/x509_crt.c
index af6c2a4..60e14f9 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1160,9 +1160,10 @@
FindClose( hFind );
#else /* _WIN32 */
int t_ret;
+ int snp_ret;
struct stat sb;
struct dirent *entry;
- char entry_name[255];
+ char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
DIR *dir = opendir( path );
if( dir == NULL )
@@ -1178,11 +1179,16 @@
while( ( entry = readdir( dir ) ) != NULL )
{
- mbedtls_snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name );
+ snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
+ "%s/%s", path, entry->d_name );
- if( stat( entry_name, &sb ) == -1 )
+ if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
{
- closedir( dir );
+ ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ goto cleanup;
+ }
+ else if( stat( entry_name, &sb ) == -1 )
+ {
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
goto cleanup;
}
@@ -1198,9 +1204,10 @@
else
ret += t_ret;
}
- closedir( dir );
cleanup:
+ closedir( dir );
+
#if defined(MBEDTLS_THREADING_PTHREAD)
if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;