Add size limit to X509_NAME structure.

This adds an explicit limit to the size of an X509_NAME structure. Some part of OpenSSL (e.g. TLS) already effectively limit the size due to restrictions on certificate size. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 295f3a2491)
2016-04-28 12:55:29 +01:00 · 2016-04-28 12:55:29 +01:00 · 65cb92f4da
commit 65cb92f4da
parent 4436299296
1 changed files with 11 additions and 0 deletions
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@ -66,6 +66,13 @@
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)

+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
 static int x509_name_ex_d2i(ASN1_VALUE **val,
                            const unsigned char **in, long len,
                            const ASN1_ITEM *it,
@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
    int i, j, ret;
    STACK_OF(X509_NAME_ENTRY) *entries;
    X509_NAME_ENTRY *entry;
+    if (len > X509_NAME_MAX) {
+        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+        return 0;
+    }
    q = p;

    /* Get internal representation of Name */