authorPatrick Monnerat <patrick@monnerat.net>2016-11-24 14:28:39 +0100
committerPatrick Monnerat <patrick@monnerat.net>2016-11-24 14:28:39 +0100
commit945f60e8a7f08aedb0eede5e3574f1972fc86ec8 (patch)
tree6a3479b7bdaf88a17f4f915846c1fddaff73873a /lib/x509asn1.h
parent3e9c0230f45cafb9154bb4fcdc8ff2b51f00701a (diff)
Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.
See CRL-01-006.
Diffstat (limited to 'lib/x509asn1.h')
-rw-r--r--lib/x509asn1.h9
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/x509asn1.h b/lib/x509asn1.h
index 0f2b9304f..f5c88e8e0 100644
--- a/lib/x509asn1.h
+++ b/lib/x509asn1.h
@@ -8,7 +8,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -34,6 +34,9 @@
* Constants.
*/
+/* Largest supported ASN.1 structure. */
+#define CURL_ASN1_MAX ((size_t) 0x40000) /* 256K */
+
/* ASN.1 classes. */
#define CURL_ASN1_UNIVERSAL 0
#define CURL_ASN1_APPLICATION 1
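Review bot: The comment on `CURL_ASN1_MAX` does not say what unit the limit is in or why it exists, which matters because the data it bounds is certificate content supplied by the peer. I would expand it to something like `/* Largest supported ASN.1 structure, in bytes. Certificate data is untrusted; this cap keeps size computations derived from element lengths from overflowing. */`. The checks that enforce the limit are not in this header, so the comment should also say whether the cap applies to each element or to the whole certificate, which cannot be determined from this hunk.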
@@ -121,8 +124,8 @@ const char * Curl_getASN1Element(curl_asn1Element * elem,
const char * beg, const char * end);
const char * Curl_ASN1tostr(curl_asn1Element * elem, int type);
const char * Curl_DNtostr(curl_asn1Element * dn);
-void Curl_parseX509(curl_X509certificate * cert,
- const char * beg, const char * end);
+int Curl_parseX509(curl_X509certificate * cert,
+ const char * beg, const char * end);
CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum,
const char * beg, const char * end);
CURLcode Curl_verifyhost(struct connectdata * conn,
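Review bot: `Curl_parseX509` now returns a plain `int` with no statement of what the value means, while its neighbours in this block return `CURLcode` or a pointer. Code written against the old `void` prototype still compiles while discarding the result, so a certificate rejected by the new size limit could be used as if it had parsed. Every call site needs to test the return value; none are visible on this page. A one-line comment above the prototype would make the contract explicit, for example `/* Returns 0 on success, non-zero if the certificate is malformed or too large. */`, adjusted to whatever convention the implementation actually uses. The `Curl_verifyhost` declaration that follows continues past the end of the hunk.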