Add size limit to X509_NAME structure.
This adds an explicit limit to the size of an X509_NAME structure. Some part of OpenSSL (e.g. TLS) already effectively limit the size due to restrictions on certificate size. Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson
parent
3cd3f0024b
commit
295f3a2491
1 changed files with 11 additions and 0 deletions
|
|
@ -64,6 +64,13 @@
|
|||
#include "internal/asn1_int.h"
|
||||
#include "x509_lcl.h"
|
||||
|
||||
/*
|
||||
* Maximum length of X509_NAME: much larger than anything we should
|
||||
* ever see in practice.
|
||||
*/
|
||||
|
||||
#define X509_NAME_MAX (1024 * 1024)
|
||||
|
||||
static int x509_name_ex_d2i(ASN1_VALUE **val,
|
||||
const unsigned char **in, long len,
|
||||
const ASN1_ITEM *it,
|
||||
|
|
@ -187,6 +194,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
|
|||
int i, j, ret;
|
||||
STACK_OF(X509_NAME_ENTRY) *entries;
|
||||
X509_NAME_ENTRY *entry;
|
||||
if (len > X509_NAME_MAX) {
|
||||
ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
|
||||
return 0;
|
||||
}
|
||||
q = p;
|
||||
|
||||
/* Get internal representation of Name */
|
||||
|
|
|
|||
Loading…
Reference in a new issue