From f20b257083d428e99f7adcef262854bdea0a4e5e Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 5 Apr 2017 13:20:44 +0200 Subject: Avoid using ASN1_MAX_NAME_SIZE directly Since ASN1_MAX_NAME_SIZE refers to a single element in the asn1 tree, it is not suitable to hold the maximum combined name. Instead use a local definition of MAX_NAME_SIZE, which is a multiple of the ASN1_MAX_NAME_SIZE. Signed-off-by: Nikos Mavrogiannopoulos --- lib/x509/crl.c | 12 ++++++------ lib/x509/crq.c | 20 ++++++++++---------- lib/x509/dn.c | 20 ++++++++++---------- lib/x509/extensions.c | 12 ++++++------ lib/x509/ocsp.c | 10 +++++----- lib/x509/pkcs12.c | 4 ++-- lib/x509/pkcs7.c | 8 ++++---- lib/x509/x509.c | 8 ++++---- lib/x509/x509_dn.c | 2 +- lib/x509/x509_ext.c | 8 ++++---- lib/x509/x509_int.h | 1 + 11 files changed, 53 insertions(+), 52 deletions(-) diff --git a/lib/x509/crl.c b/lib/x509/crl.c index 036703a1bc..bd307ca42a 100644 --- a/lib/x509/crl.c +++ b/lib/x509/crl.c @@ -620,8 +620,8 @@ gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, unsigned indx, { int result, _serial_size; - char serial_name[ASN1_MAX_NAME_SIZE]; - char date_name[ASN1_MAX_NAME_SIZE]; + char serial_name[MAX_NAME_SIZE]; + char date_name[MAX_NAME_SIZE]; if (crl == NULL) { gnutls_assert(); @@ -697,8 +697,8 @@ gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl, { int result, _serial_size; - char serial_name[ASN1_MAX_NAME_SIZE]; - char date_name[ASN1_MAX_NAME_SIZE]; + char serial_name[MAX_NAME_SIZE]; + char date_name[MAX_NAME_SIZE]; if (crl == NULL || iter == NULL) { gnutls_assert(); @@ -1171,7 +1171,7 @@ gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, unsigned indx, { int result; char str_critical[10]; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; int len; if (!crl) { 
@@ -1241,7 +1241,7 @@ gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl, unsigned indx, void *data, size_t * sizeof_data) { int result, len; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; if (!crl) { gnutls_assert(); diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 0ce2e693d0..6de39d28f7 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -429,8 +429,8 @@ parse_attribute(ASN1_TYPE asn1_struct, int raw, gnutls_datum_t * out) { int k1, result; - char tmpbuffer1[ASN1_MAX_NAME_SIZE]; - char tmpbuffer3[ASN1_MAX_NAME_SIZE]; + char tmpbuffer1[MAX_NAME_SIZE]; + char tmpbuffer3[MAX_NAME_SIZE]; char value[200]; gnutls_datum_t td; char oid[MAX_OID_SIZE]; @@ -578,7 +578,7 @@ add_attribute(ASN1_TYPE asn, const char *root, const char *attribute_id, const gnutls_datum_t * ext_data) { int result; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; snprintf(name, sizeof(name), "%s", root); @@ -624,7 +624,7 @@ static int overwrite_attribute(ASN1_TYPE asn, const char *root, unsigned indx, const gnutls_datum_t * ext_data) { - char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; int result; snprintf(name, sizeof(name), "%s.?%u", root, indx); @@ -648,7 +648,7 @@ set_attribute(ASN1_TYPE asn, const char *root, { int result; int k, len; - char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; char extnID[MAX_OID_SIZE]; /* Find the index of the given attribute. @@ -1401,7 +1401,7 @@ gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq, unsigned indx, void *oid, size_t * sizeof_oid) { int result; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; int len; if (!crq) { @@ -1455,7 +1455,7 @@ gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq, unsigned indx, void *data, size_t * sizeof_data) { int result, len; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; if (!crq) { gnutls_assert(); 
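Review bot: In add_attribute (lib/x509/crq.c, hunk at -578) the context line `snprintf(name, sizeof(name), "%s", root);` still ignores the return value, so a path longer than the new MAX_NAME_SIZE would be truncated silently instead of rejected. The larger buffer makes that less likely but does not remove it, and a truncated path would presumably reach the ASN.1 lookups that follow outside the hunk as a different or nonexistent element name. I would check the result, e.g. `if ((size_t)snprintf(name, sizeof(name), "%s", root) >= sizeof(name)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`. The same unchecked pattern is visible in overwrite_attribute (`"%s.?%u"`, hunk at -624) and in add_extension in extensions.c; the `"certs.?%u"` call in gnutls_ocsp_resp_get_certs has a fixed short prefix and is not a practical concern. All of these function bodies continue outside their hunks.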
@@ -1512,7 +1512,7 @@ gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, unsigned indx, { int result; char str_critical[10]; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; char *extensions = NULL; size_t extensions_size = 0; ASN1_TYPE c2; @@ -1673,7 +1673,7 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq, unsigned indx, gnutls_datum_t * data) { int ret, result; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; unsigned char *extensions = NULL; size_t extensions_size = 0; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; @@ -2485,7 +2485,7 @@ gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq, size_t * sizeof_oid, unsigned int *critical) { - char tmpstr[ASN1_MAX_NAME_SIZE]; + char tmpstr[MAX_NAME_SIZE]; int result, len; gnutls_datum_t prev = { NULL, 0 }; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; diff --git a/lib/x509/dn.c b/lib/x509/dn.c index b1b8a54e76..e39d2d77ba 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -38,9 +38,9 @@ static int append_elements(ASN1_TYPE asn1_struct, const char *asn1_rdn_name, gnu int k2, result, max_k2; int len; uint8_t value[MAX_STRING_LEN]; - char tmpbuffer1[ASN1_MAX_NAME_SIZE]; - char tmpbuffer2[ASN1_MAX_NAME_SIZE]; - char tmpbuffer3[ASN1_MAX_NAME_SIZE]; + char tmpbuffer1[MAX_NAME_SIZE]; + char tmpbuffer2[MAX_NAME_SIZE]; + char tmpbuffer3[MAX_NAME_SIZE]; const char *ldap_desc; char oid[MAX_OID_SIZE]; gnutls_datum_t td = { NULL, 0 }; @@ -318,9 +318,9 @@ _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct, unsigned int raw_flag, gnutls_datum_t * out) { int k2, k1, result; - char tmpbuffer1[ASN1_MAX_NAME_SIZE]; - char tmpbuffer2[ASN1_MAX_NAME_SIZE]; - char tmpbuffer3[ASN1_MAX_NAME_SIZE]; + char tmpbuffer1[MAX_NAME_SIZE]; + char tmpbuffer2[MAX_NAME_SIZE]; + char tmpbuffer3[MAX_NAME_SIZE]; gnutls_datum_t td; uint8_t value[256]; char oid[MAX_OID_SIZE]; 
@@ -479,9 +479,9 @@ _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct, int indx, void *_oid, size_t * sizeof_oid) { int k2, k1, result; - char tmpbuffer1[ASN1_MAX_NAME_SIZE]; - char tmpbuffer2[ASN1_MAX_NAME_SIZE]; - char tmpbuffer3[ASN1_MAX_NAME_SIZE]; + char tmpbuffer1[MAX_NAME_SIZE]; + char tmpbuffer2[MAX_NAME_SIZE]; + char tmpbuffer3[MAX_NAME_SIZE]; char value[256]; char oid[MAX_OID_SIZE]; int len; @@ -704,7 +704,7 @@ _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct, int raw_flag, const char *name, int sizeof_name) { int result; - char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE]; + char tmp[MAX_NAME_SIZE], asn1_rdn_name[MAX_NAME_SIZE]; if (sizeof_name == 0 || name == NULL) { gnutls_assert(); diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c index 751c2986e6..2a983db9ab 100644 --- a/lib/x509/extensions.c +++ b/lib/x509/extensions.c @@ -39,7 +39,7 @@ _gnutls_get_extension(ASN1_TYPE asn, const char *root, gnutls_datum_t * ret, unsigned int *_critical) { int k, result, len; - char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; char str_critical[10]; int critical = 0; char extnID[MAX_OID_SIZE]; @@ -135,7 +135,7 @@ static int get_indx_extension(ASN1_TYPE asn, const char *root, int indx, gnutls_datum_t * out) { - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; int ret; out->data = NULL; @@ -231,7 +231,7 @@ static int get_extension_oid(ASN1_TYPE asn, const char *root, unsigned indx, void *oid, size_t * sizeof_oid) { int k, result, len; - char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; char extnID[MAX_OID_SIZE]; unsigned indx_counter = 0; @@ -319,7 +319,7 @@ add_extension(ASN1_TYPE asn, const char *root, const char *extension_id, { int result; const char *str; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; snprintf(name, sizeof(name), "%s", root); 
@@ -379,7 +379,7 @@ static int overwrite_extension(ASN1_TYPE asn, const char *root, unsigned int indx, const gnutls_datum_t * ext_data, unsigned int critical) { - char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; const char *str; int result; @@ -421,7 +421,7 @@ _gnutls_set_extension(ASN1_TYPE asn, const char *root, { int result = 0; int k, len; - char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; char extnID[MAX_OID_SIZE]; /* Find the index of the given extension. diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 75f45c984d..af45369ab9 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c @@ -430,7 +430,7 @@ gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req, gnutls_datum_t * serial_number) { gnutls_datum_t sa; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; int ret; if (req == NULL) { @@ -737,7 +737,7 @@ gnutls_ocsp_req_get_extension(gnutls_ocsp_req_t req, { int ret; char str_critical[10]; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; int len; if (!req) { @@ -1414,7 +1414,7 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp, time_t * revocation_time, unsigned int *revocation_reason) { - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; int ret, result; char oidtmp[MAX_OID_SIZE]; int len; @@ -1625,7 +1625,7 @@ gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_t resp, { int ret; char str_critical[10]; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; int len; if (!resp) { @@ -1827,7 +1827,7 @@ gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp, } for (;;) { - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; snprintf(name, sizeof(name), "certs.?%u", (unsigned int) (ctr + 1)); diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 1690be323f..a521ba9d48 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c 
@@ -364,7 +364,7 @@ int _pkcs12_decode_safe_contents(const gnutls_datum_t * content, gnutls_pkcs12_bag_t bag) { - char oid[MAX_OID_SIZE], root[ASN1_MAX_NAME_SIZE]; + char oid[MAX_OID_SIZE], root[MAX_NAME_SIZE]; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int len, result; int bag_type; @@ -606,7 +606,7 @@ gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result, len; - char root2[ASN1_MAX_NAME_SIZE]; + char root2[MAX_NAME_SIZE]; char oid[MAX_OID_SIZE]; if (pkcs12 == NULL) { diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 7e63afe393..295ebe0cdd 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -320,7 +320,7 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7, unsigned indx, gnutls_datum_t * cert) { int result, len; - char root2[ASN1_MAX_NAME_SIZE]; + char root2[MAX_NAME_SIZE]; char oid[MAX_OID_SIZE]; gnutls_datum_t tmp = { NULL, 0 }; @@ -1764,7 +1764,7 @@ int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt) int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx) { int result; - char root2[ASN1_MAX_NAME_SIZE]; + char root2[MAX_NAME_SIZE]; if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; @@ -1809,7 +1809,7 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7, unsigned indx, gnutls_datum_t * crl) { int result; - char root2[ASN1_MAX_NAME_SIZE]; + char root2[MAX_NAME_SIZE]; gnutls_datum_t tmp = { NULL, 0 }; int start, end; @@ -2026,7 +2026,7 @@ int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl) int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx) { int result; - char root2[ASN1_MAX_NAME_SIZE]; + char root2[MAX_NAME_SIZE]; if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 3f2e0b1a57..2aae9e0e3a 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
@@ -1528,7 +1528,7 @@ _gnutls_parse_general_name2(ASN1_TYPE src, const char *src_name, unsigned int *ret_type, int othername_oid) { int len, ret; - char nptr[ASN1_MAX_NAME_SIZE]; + char nptr[MAX_NAME_SIZE]; int result; gnutls_datum_t tmp = {NULL, 0}; char choice_type[128]; @@ -2445,7 +2445,7 @@ gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, unsigned indx, { int result; char str_critical[10]; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; int len; if (!cert) { @@ -2513,7 +2513,7 @@ gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, unsigned indx, void *data, size_t * sizeof_data) { int result, len; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; if (!cert) { gnutls_assert(); @@ -3719,7 +3719,7 @@ legacy_parse_aia(ASN1_TYPE src, unsigned int seq, int what, gnutls_datum_t * data) { int len; - char nptr[ASN1_MAX_NAME_SIZE]; + char nptr[MAX_NAME_SIZE]; int result; gnutls_datum_t d; const char *oid = NULL; diff --git a/lib/x509/x509_dn.c b/lib/x509/x509_dn.c index e093fe9d86..effa363fce 100644 --- a/lib/x509/x509_dn.c +++ b/lib/x509/x509_dn.c @@ -563,7 +563,7 @@ gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, ASN1_DATA_NODE vnode; long len; int lenlen, remlen, ret; - char rbuf[ASN1_MAX_NAME_SIZE]; + char rbuf[MAX_NAME_SIZE]; unsigned char cls; const unsigned char *ptr; diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c index 23d957c7d2..0b003c28b2 100644 --- a/lib/x509/x509_ext.c +++ b/lib/x509/x509_ext.c @@ -2317,7 +2317,7 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext, { int result; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - char name[ASN1_MAX_NAME_SIZE]; + char name[MAX_NAME_SIZE]; int len, ret; uint8_t reasons[2]; unsigned i, type, rflags, j; @@ -2694,7 +2694,7 @@ int gnutls_x509_aia_set(gnutls_x509_aia_t aia, static int parse_aia(ASN1_TYPE c2, gnutls_x509_aia_t aia) { int len; - char nptr[ASN1_MAX_NAME_SIZE]; + char nptr[MAX_NAME_SIZE]; int ret, result; char tmpoid[MAX_OID_SIZE]; void * tmp; 
@@ -2988,7 +2988,7 @@ int gnutls_x509_ext_import_key_purposes(const gnutls_datum_t * ext, gnutls_x509_key_purposes_t p, unsigned int flags) { - char tmpstr[ASN1_MAX_NAME_SIZE]; + char tmpstr[MAX_NAME_SIZE]; int result, ret; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; gnutls_datum_t oid = {NULL, 0}; @@ -3194,7 +3194,7 @@ int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out) */ static int parse_tlsfeatures(ASN1_TYPE c2, gnutls_x509_tlsfeatures_t f, unsigned flags) { - char nptr[ASN1_MAX_NAME_SIZE]; + char nptr[MAX_NAME_SIZE]; int result; unsigned i, indx, j; unsigned int feature; diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index b71bcf67a3..8d8f87782d 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -32,6 +32,7 @@ #define MAX_CRQ_EXTENSIONS_SIZE 8*1024 #define MAX_OID_SIZE 128 #define MAX_KEY_ID_SIZE 128 +#define MAX_NAME_SIZE (3*ASN1_MAX_NAME_SIZE) #define HASH_OID_SHA1 "1.3.14.3.2.26" #define HASH_OID_MD5 "1.2.840.113549.2.5" -- cgit v1.2.1
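Review bot: The new `MAX_NAME_SIZE` define in lib/x509/x509_int.h has no comment saying what it bounds or why the factor is 3, and nothing ties it to the depth of the paths the callers build. Other hunks in this patch format paths such as `"%s.?%u"` onto a caller-supplied root, so the bound holds only while individual element names stay well below ASN1_MAX_NAME_SIZE. Whether three full-length elements plus separators and the terminator fit depends on how libtasn1 counts that constant, which this page does not show. I would add above the define: `/* Buffer size for a dotted ASN.1 path (several element names joined by '.'); ASN1_MAX_NAME_SIZE bounds a single element only. */`.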