Fix name length limit check. (4e0d184a) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 4e0d184a authored May 04, 2016 by

Dr. Stephen Henson

Fix name length limit check.



The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.

Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.

RT#4531

Reviewed-by: Rich Salz <rsalz@openssl.org>

parent c73aa309

Hide whitespace changes

Inline Side-by-side

Please register or to comment