projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add size limit to X509_NAME structure.
[openssl.git]
/
crypto
/
asn1
/
x_name.c
diff --git
a/crypto/asn1/x_name.c
b/crypto/asn1/x_name.c
index 737c426f2deacf1a1ac3a08330605de8b18aac21..a858c2993b90f4471690d52088e4aeb7912dac0a 100644
(file)
--- a/
crypto/asn1/x_name.c
+++ b/
crypto/asn1/x_name.c
@@
-66,6
+66,13
@@
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
static int x509_name_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_ITEM *it,
static int x509_name_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_ITEM *it,
@@
-192,6
+199,10
@@
static int x509_name_ex_d2i(ASN1_VALUE **val,
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
+ if (len > X509_NAME_MAX) {
+ ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+ return 0;
+ }
q = p;
/* Get internal representation of Name */
q = p;
/* Get internal representation of Name */