Fix name length limit check.
author Dr. Stephen Henson <steve@openssl.org>
Wed, 4 May 2016 15:09:06 +0000 (16:09 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 4 May 2016 16:39:37 +0000 (17:39 +0100)
commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff
tree d140e2448750d674e2f3fb25a4297a9b571da66b
parent c73aa309049c4f04ec81f0f1cf552eab8456a16e
Fix name length limit check.

The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.

Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.

RT#4531

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/x509/x_name.c
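
The difference between the two checks described in the commit message, as an added example that is not OpenSSL's code: a minimal DER header parser stands in for ASN1_item_ex_d2i(), and `DEMO_NAME_MAX`, the function names and the sample buffer are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define DEMO_NAME_MAX 64 /* hypothetical limit, kept small for the demo */
/* Size of the DER element at p (definite lengths), or 0 if bad or longer than avail. */
static size_t der_element_size(const unsigned char *p, size_t avail)
{
    size_t hdr = 2, clen, n, i;
    if (avail < 2)
        return 0;
    clen = p[1];
    if (clen >= 0x80) {                 /* long form: low 7 bits = number of length bytes */
        n = clen & 0x7f;
        if (n == 0 || n > sizeof(size_t) || avail < 2 + n)
            return 0;
        for (clen = 0, i = 0; i < n; i++)
            clen = (clen << 8) | p[2 + i];
        hdr += n;
    }
    return clen > avail - hdr ? 0 : hdr + clen;
}

/* Limit applied to everything left in the containing structure. */
int name_ok_container_check(const unsigned char *p, size_t remaining)
{
    return remaining <= DEMO_NAME_MAX && der_element_size(p, remaining) != 0;
}

/* Limit applied by clamping the length handed to the decoder. */
int name_ok_clamped(const unsigned char *p, size_t remaining)
{
    size_t len = remaining > DEMO_NAME_MAX ? DEMO_NAME_MAX : remaining;
    return der_element_size(p, len) != 0;
}

/* Constructed input: SEQUENCE of name_len (< 128) bytes, then filler for the rest of a CRL. */
size_t build_sample(unsigned char *buf, size_t name_len, size_t trailing)
{
    buf[0] = 0x30;                      /* SEQUENCE tag */
    buf[1] = (unsigned char)name_len;   /* short-form length */
    memset(buf + 2, 0, name_len + trailing);
    return 2 + name_len + trailing;
}

int main(void)
{
    unsigned char buf[4096];
    size_t n = build_sample(buf, 20, 2000); /* 22-byte name inside a 2022-byte container */
    printf("container check: %d, clamped: %d\n", name_ok_container_check(buf, n), name_ok_clamped(buf, n));
    return 0;
}
```

A name that itself exceeds the limit is still rejected by the clamped variant, because the decoder sees an element longer than the length it was given.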