PR: 2411

Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.

diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 9087d66e0ad3c0a0cc8e38395bdbf7cee6ecbcfa..0d70e8696d979928ea30f3906bc3479507d5d906 100644 (file)
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
   unsigned char addr[ADDR_RAW_BUF_LEN];
   int i, n;
 
+  if (bs->length < 0)
+    return 0;
   switch (afi) {
   case IANA_AFI_IPV4:
+    if (bs->length > 4)
+      return 0;
     addr_expand(addr, bs, 4, fill);
     BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
     break;
   case IANA_AFI_IPV6:
+    if (bs->length > 16)
+      return 0;
     addr_expand(addr, bs, 16, fill);
     for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
       ;

diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index 2b8c0a08242ea0df284185208f3fd94eab1ef1e7..da0029a01168994062584e7909f67c1c737d2cab 100644 (file)
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -372,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 int v3_asid_is_canonical(ASIdentifiers *asid)
 {
   return (asid == NULL ||
-         (ASIdentifierChoice_is_canonical(asid->asnum) ||
+         (ASIdentifierChoice_is_canonical(asid->asnum) &&
           ASIdentifierChoice_is_canonical(asid->rdi)));
 }