author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-05 13:16:07 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-05 13:16:07 +0200 |
commit | e3b442314d713f99de4f58b330fdf3f6ddea60f1 (patch) | |
tree | 2b9e777cfc9d6ec6bda601d431ea7d60127c8d37 /lib/x509/common.c | |
parent | ce0d0533ac062e2f182744c4ec4872b052138133 (diff) | |
download | gnutls-e3b442314d713f99de4f58b330fdf3f6ddea60f1.tar.gz |
_gnutls_parse_general_name2: allow parsing empty names
This allows parsing empty general names such as an empty DNSname
used in name constraints.
Diffstat (limited to 'lib/x509/common.c')
-rw-r--r-- | lib/x509/common.c | 52 |
1 files changed, 36 insertions, 16 deletions
diff --git a/lib/x509/common.c b/lib/x509/common.c
index c322f69ca3..2d32428100 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -674,24 +674,26 @@ _gnutls_x509_decode_string(unsigned int etype,
 * Note that this function always allocates one plus
 * the required data size (and places a null byte).
 */
-int
-_gnutls_x509_read_value(ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret)
+static int
+x509_read_value(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret, unsigned allow_null)
 {
 int len = 0, result;
 uint8_t *tmp = NULL;
 unsigned int etype;
 result = asn1_read_value_type(c, root, NULL, &len, &etype);
- if (result == 0 && len == 0) {
+ if (result == 0 && allow_null == 0 && len == 0) {
 /* don't allow null strings */
 return gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
 }
 if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- return result;
+ if (result != ASN1_SUCCESS || allow_null == 0 || len != 0) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ return result;
+ }
 }
 if (etype == ASN1_ETYPE_BIT_STRING) {
@@ -705,17 +707,21 @@ _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
 goto cleanup;
 }
- result = asn1_read_value(c, root, tmp, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ if (len > 0) {
+ result = asn1_read_value(c, root, tmp, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- if (etype == ASN1_ETYPE_BIT_STRING) {
- ret->size = (len+7) / 8;
+ if (etype == ASN1_ETYPE_BIT_STRING) {
+ ret->size = (len+7) / 8;
+ } else {
+ ret->size = (unsigned) len;
+ }
 } else {
- ret->size = (unsigned) len;
+ ret->size = 0;
 }
 tmp[ret->size] = 0;
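Review bot: The empty-value policy in x509_read_value is now spread over two conditionals that test the same state in different spellings (`result == 0` in the first, `result != ASN1_SUCCESS` in the nested one), which makes it hard to see which combinations of result, len and allow_null fall through to the allocation. Folding them into one success-and-empty check followed by the generic error return, as sketched below, keeps the same outcomes and names the constant consistently. Separately, if asn1_read_value_type ever returned ASN1_SUCCESS with a non-zero len, both the old and the new code would return the mapped success code without writing `ret`; whether that is reachable depends on libtasn1 behaviour not shown here, but an explicit error for that case would be safer for callers that read `ret` on success. The function's header comment begins above the hunk and its body continues past it.

```c
result = asn1_read_value_type(c, root, NULL, &len, &etype);
if (result == ASN1_SUCCESS && len == 0) {
	/* empty value: accepted only when the caller asked for it */
	if (allow_null == 0)
		return gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
} else if (result != ASN1_MEM_ERROR) {
	return gnutls_assert_val(_gnutls_asn2err(result));
}
/* … unchanged: bit-string length handling and allocation … */
```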
@@ -728,6 +734,20 @@ _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
 return result;
 }
+int
+_gnutls_x509_read_value(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret)
+{
+ return x509_read_value(c, root, ret, 0);
+}
+
+int
+_gnutls_x509_read_null_value(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret)
+{
+ return x509_read_value(c, root, ret, 1);
+}
+
 /* Reads a value from an ASN1 tree, then interprets it as the provided
 * type of string and returns the output in an allocated variable.
 * |
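Review bot: `_gnutls_x509_read_null_value` is added without a comment, although it changes what callers may receive: on the empty path the second hunk sets `ret->size = 0` and still writes the terminator into the buffer, so a caller can apparently get a successful return with a zero-length datum. A short comment above it would help, for example `/* Like _gnutls_x509_read_value(), but an empty value is accepted: on success ret->size may be 0 and the caller still owns (and must free) ret->data. */`; the assignment to ret->data is outside the visible hunks, so confirm that wording. Callers that index `data[size - 1]` or treat a zero-length name as a match need to be checked, especially in the name-constraints code the commit message mentions. The `null` in the name may also be read as ASN.1 NULL rather than an empty string, so `_empty_` would be less ambiguous.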