authorDr. Stephen Henson <steve@openssl.org>2016-04-28 12:55:29 +0100
committerDr. Stephen Henson <steve@openssl.org>2016-04-29 19:42:21 +0100
commit295f3a24919157e2f9021d0b1709353710ad63db (patch)
tree61b904636cd9951c2b271d9e5f9b65fc11e886be /crypto/x509
parent3cd3f0024bd432f5396979757a5cf075cc0955d2 (diff)
Add size limit to X509_NAME structure.
This adds an explicit limit to the size of an X509_NAME structure. Some parts of OpenSSL (e.g. TLS) already effectively limit the size due to restrictions on certificate size. Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'crypto/x509')
-rw-r--r--crypto/x509/x_name.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index cd6c719..72682fe 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -64,6 +64,13 @@
#include "internal/asn1_int.h"
#include "x509_lcl.h"
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
static int x509_name_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_ITEM *it,
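Review bot: The comment above `X509_NAME_MAX` does not say what unit the limit is in or which quantity it is compared against, so a later reader cannot tell whether 1024 * 1024 bounds the encoded name or something larger. Since the only use in this commit compares it with the decoder's `len` argument, I would spell that out, for example `/* Maximum length in bytes of the encoded input accepted when decoding an X509_NAME: much larger than anything we should ever see in practice. */`. The blank line between the comment and the `#define` could also go, so the two stay visibly attached.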
@@ -187,6 +194,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
+ if (len > X509_NAME_MAX) {
+ ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+ return 0;
+ }
q = p;
/* Get internal representation of Name */
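Review bot: The added guard `if (len > X509_NAME_MAX)` tests the `len` argument, which in d2i-style decoders is normally the number of bytes available at `*in` rather than the encoded size of the name itself. If that holds here, a short, valid name embedded in a larger structure (a big CRL, say) would be rejected with ASN1_R_TOO_LONG even though the name is well under the cap. Clamping keeps the bound on untrusted input without that side effect: `if (len > X509_NAME_MAX) len = X509_NAME_MAX;`, so the inner decode fails only when the name really exceeds the limit. The body of x509_name_ex_d2i starts and ends outside this hunk, so how `len` is used afterwards should be confirmed, and a regression test with a small name inside a container larger than 1 MiB would pin the behaviour.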