author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-10-31 14:21:37 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-10-31 17:01:22 +0100 |
commit | 133a6de045ed3d1c56852e453ff9196647fc4470 (patch) | |
tree | 030ab060cf393241361fe13008f92d3de7ab281e /lib | |
parent | ccc9c42985aedc000e8f8f830fb289059042f571 (diff) | |
download | gnutls-133a6de045ed3d1c56852e453ff9196647fc4470.tar.gz |
x509_dn: forbid non-supported escaped chars on DN encoding
Diffstat (limited to 'lib')
-rw-r--r-- | lib/x509/x509_dn.c | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/lib/x509/x509_dn.c b/lib/x509/x509_dn.c
index fc8aeb9c8f..a64ca3ed7f 100644
--- a/lib/x509/x509_dn.c
+++ b/lib/x509/x509_dn.c
@@ -88,15 +88,19 @@ int dn_attr_crt_set(set_dn_func f, void *crt, const gnutls_datum_t * name,
 /* unescape */
 for (j=i=0;i<tmp.size;i++) {
- if (1+j!=val->size && val->data[j] == '\\' &&
- (val->data[j+1] == ',' || val->data[j+1] == '#' ||
- val->data[j+1] == ' ' || val->data[j+1] == '+' ||
- val->data[j+1] == '"' || val->data[j+1] == '<' ||
- val->data[j+1] == '>' || val->data[j+1] == ';' ||
- val->data[j+1] == '\\' || val->data[j+1] == '=')) {
- tmp.data[i] = val->data[j+1];
- j+=2;
- tmp.size--;
+ if (1+j!=val->size && val->data[j] == '\\') {
+ if (val->data[j+1] == ',' || val->data[j+1] == '#' ||
+ val->data[j+1] == ' ' || val->data[j+1] == '+' ||
+ val->data[j+1] == '"' || val->data[j+1] == '<' ||
+ val->data[j+1] == '>' || val->data[j+1] == ';' ||
+ val->data[j+1] == '\\' || val->data[j+1] == '=') {
+ tmp.data[i] = val->data[j+1];
+ j+=2;
+ tmp.size--;
+ } else {
+ ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ goto fail;
+ }
 } else {
 tmp.data[i] = val->data[j++];
 }
@@ -105,12 +109,15 @@ int dn_attr_crt_set(set_dn_func f, void *crt, const gnutls_datum_t * name,
 }
 ret = f(crt, oid, is_raw, tmp.data, tmp.size);
- gnutls_free(tmp.data);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
- return 0;
+ ret = 0;
+ fail:
+ gnutls_free(tmp.data);
+ return ret;
 }
 static int read_attr_and_val(const char **ptr, |
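Review bot: A value that ends in a lone backslash still passes the unescape loop in the first hunk (`@@ -88,15 +88,19 @@`): the outer test `1+j!=val->size && val->data[j] == '\\'` is false for a trailing `\`, so control reaches the outer `else` and the backslash is copied verbatim instead of taking the new `GNUTLS_E_PARSING_ERROR` path. If the callers do not already reject such input, the outer condition could become `if (val->data[j] == '\\') {` with the bounds test moved into the inner condition as `if (1+j!=val->size && (val->data[j+1] == ',' || … ))`, so a dangling escape fails like any other unsupported one. A one-line comment above the inner test, naming the accepted escape set and stating that every other escape is rejected on purpose, would also help the next reader. The function body starts and ends outside this hunk, so how `tmp` and `val` are set up cannot be checked from here.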
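Review bot: The `fail:` label in the second hunk (`@@ -105,12 +109,15 @@`) is also reached on the success path, straight after `ret = 0;`, so its name misstates what the block does; `cleanup:` would read correctly, with the two `goto fail;` sites (one here, one in the unescape loop of the previous hunk) renamed to match. Because the label now frees `tmp.data` unconditionally, any `goto` added later before `tmp.data` is allocated would pass an unset pointer to `gnutls_free()`. The allocation and the declaration of `tmp` are outside the visible hunks, so it is worth confirming that `tmp.data` starts as NULL or that no jump can precede its assignment.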