Fix name length limit check.

The name length limit check in x509_name_ex_d2i() includes the containing structure as well as the actual X509_NAME. This will cause large CRLs to be rejected. Fix by limiting the length passed to ASN1_item_ex_d2i() which will then return an error if the passed X509_NAME exceeds the length. RT#4531 Reviewed-by: N Rich Salz <rsalz@openssl.org>

Fix name length limit check.
The name length limit check in x509_name_ex_d2i() includes the containing structure as well as the actual X509_NAME. This will cause large CRLs to be rejected. Fix by limiting the length passed to ASN1_item_ex_d2i() which will then return an error if the passed X509_NAME exceeds the length. RT#4531 Reviewed-by: N Rich Salz <rsalz@openssl.org>
4e0d184a · Dr. Stephen Henson · c73aa309 · 4e0d184a
显示空白变更内容
内联并排

Showing with 2 addition and 4 deletion

crypto/x509/x_name.c crypto/x509/x_name.c +2 -4

未找到文件。
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -194,10 +194,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
    int i, j, ret;
    STACK_OF(X509_NAME_ENTRY) *entries;
    X509_NAME_ENTRY *entry;
-    if (len > X509_NAME_MAX) {
+    if (len > X509_NAME_MAX)
-        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+        len = X509_NAME_MAX;
-        return 0;
-    }
    q = p;
    /* Get internal representation of Name */