Add size limit to X509_NAME structure.

author Dr. Stephen Henson <steve@openssl.org>

Thu, 28 Apr 2016 11:55:29 +0000 (12:55 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 29 Apr 2016 18:45:52 +0000 (19:45 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 28 Apr 2016 11:55:29 +0000 (12:55 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 29 Apr 2016 18:45:52 +0000 (19:45 +0100)
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c

index 737c426f2deacf1a1ac3a08330605de8b18aac21..a858c2993b90f4471690d52088e4aeb7912dac0a 100644 (file)
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -66,6 +66,13 @@
  typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
  DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
  
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
  static int x509_name_ex_d2i(ASN1_VALUE **val,
                              const unsigned char **in, long len,
                              const ASN1_ITEM *it,
@@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
      int i, j, ret;
      STACK_OF(X509_NAME_ENTRY) *entries;
      X509_NAME_ENTRY *entry;
+    if (len > X509_NAME_MAX) {
+        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+        return 0;
+    }
      q = p;
  
      /* Get internal representation of Name */
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 28 Apr 2016 11:55:29 +0000 (12:55 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 29 Apr 2016 18:45:52 +0000 (19:45 +0100)