diff options
| author | Adam Langley <agl@chromium.org> | 2015-02-11 15:24:11 -0800 |
|---|---|---|
| committer | Adam Langley <agl@chromium.org> | 2015-02-13 10:59:10 -0800 |
| commit | 82fc3bd333c5ef5839bc539281e773be290b9c48 (patch) | |
| tree | 278c45cf11b517820a31a0811410c1a043f17d94 | |
| parent | 589963f79e114256d895173d7edba9adae1978bd (diff) | |
| download | boringssl-82fc3bd333c5ef5839bc539281e773be290b9c48.zip boringssl-82fc3bd333c5ef5839bc539281e773be290b9c48.tar.gz boringssl-82fc3bd333c5ef5839bc539281e773be290b9c48.tar.bz2 | |
More complete input validation of X509_check_mumble.
(Imported from upstream's 3d15d58e55b97207188e87708a0e7f49b4bfd7fd.)
Change-Id: Iae9e3f839e03c22dc45ac2151884e7afcf31af7b
| -rw-r--r-- | crypto/x509v3/v3_utl.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 8174103..a85a2a6 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -971,20 +971,28 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { - if (chk && memchr(chk, '\0', chklen)) - return 0; + if (chk == NULL) + return -2; + if (memchr(chk, '\0', chklen)) + return -2; return do_x509_check(x, chk, chklen, flags, GEN_DNS); } int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { + if (chk == NULL) + return -2; + if (memchr(chk, '\0', chklen)) + return -2; return do_x509_check(x, chk, chklen, flags, GEN_EMAIL); } int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { + if (chk == NULL) + return -2; return do_x509_check(x, chk, chklen, flags, GEN_IPADD); } @@ -992,6 +1000,8 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags) { unsigned char ipout[16]; int iplen; + if (ipasc == NULL) + return -2; iplen = a2i_ipadd(ipout, ipasc); if (iplen == 0) return -2; |