Commit 4e0d184a authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix name length limit check. 



The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.

Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.

RT#4531

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent c73aa309

crypto/x509/x_name.c

+2 −4
Original line number Diff line number Diff line
@@ -194,10 +194,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, 
    int i, j, ret;

    STACK_OF(X509_NAME_ENTRY) *entries;

    X509_NAME_ENTRY *entry;

    if (len > X509_NAME_MAX) {

        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);

        return 0;

    }

    if (len > X509_NAME_MAX)

        len = X509_NAME_MAX;

    q = p;



    /* Get internal representation of Name */