Fix name length limit check. (a1eef756) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit a1eef756 authored May 04, 2016 by

Dr. Stephen Henson

Fix name length limit check.



The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.

Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.

RT#4531

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4e0d184a)

parent b8c75aab

Hide whitespace changes

Inline Side-by-side

Please register or to comment