Commit 20fc103f authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Limit status message sisze in ts_get_status_check 



Thanks to Shi Lei for reporting this issue.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent acc00492

crypto/ts/ts_rsp_verify.c

+3 −1
Original line number Diff line number Diff line
@@ -451,12 +451,14 @@ static int ts_check_status_info(TS_RESP *response) 
static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)

{

    int i;

    unsigned int length = 0;

    int length = 0;

    char *result = NULL;

    char *p;



    for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {

        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);

        if (ASN1_STRING_length(current) > TS_MAX_STATUS_LENGTH - length - 1)

            return NULL;

        length += ASN1_STRING_length(current);

        length += 1;            /* separator character */

    }

include/openssl/ts.h

+3 −0
Original line number Diff line number Diff line
@@ -346,6 +346,9 @@ int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, 
/* At most we accept usec precision. */

# define TS_MAX_CLOCK_PRECISION_DIGITS   6



/* Maximum status message length */

# define TS_MAX_STATUS_LENGTH   (1024 * 1024)



/* No flags are set by default. */

void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);