Commit 295f3a24 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Add size limit to X509_NAME structure.



This adds an explicit limit to the size of an X509_NAME structure. Some
parts of OpenSSL (e.g. TLS) already effectively limit the size due to
restrictions on certificate size.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 3cd3f002
+11 −0
@@ -64,6 +64,13 @@
#include "internal/asn1_int.h"
#include "x509_lcl.h"

/*
 * Maximum length of X509_NAME: much larger than anything we should
 * ever see in practice.
 */

#define X509_NAME_MAX (1024 * 1024)

static int x509_name_ex_d2i(ASN1_VALUE **val,
                            const unsigned char **in, long len,
                            const ASN1_ITEM *it,
@@ -187,6 +194,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
    int i, j, ret;
    STACK_OF(X509_NAME_ENTRY) *entries;
    X509_NAME_ENTRY *entry;
    if (len > X509_NAME_MAX) {
        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
        return 0;
    }
    q = p;

    /* Get internal representation of Name */
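Review bot: The new guard at the top of x509_name_ex_d2i compares `len` with X509_NAME_MAX, but under the d2i convention `len` is the number of bytes available at `*in`, which is not necessarily the encoded length of the name itself. If a caller decoding an enclosing structure (for example a large CRL) passes the remaining length of that structure, a small, valid name would be rejected with ASN1_R_TOO_LONG only because more than 1 MiB of other data follows it; the callers are outside this hunk, so this needs confirming. Clamping instead of failing keeps the bound on what the name parser will consume without that side effect: `if (len > X509_NAME_MAX) len = X509_NAME_MAX;`. The comment above the define could also state that the limit is in bytes of encoded input. The body of x509_name_ex_d2i continues past the end of the hunk.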