Fix to restore --enable-asn=original
Fixes for building with ASN original (old). Add the new limit checks for alt names and subtree to the old ASN code.
@ -4762,10 +4762,10 @@ else
|
|||||||
fi
|
fi
|
||||||
if test "$ENABLED_ASN" = "yes"; then
|
if test "$ENABLED_ASN" = "yes"; then
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
|
||||||
|
elif test "$ENABLED_ASN" == "original"; then
|
||||||
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL"
|
||||||
else
|
else
|
||||||
if test "$ENABLED_ASN" != "original"; then
|
AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.])
|
||||||
AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.])
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# turn off ASN if leanpsk on
|
# turn off ASN if leanpsk on
|
||||||
|
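Review bot: The added `elif test "$ENABLED_ASN" == "original"; then` uses `==`, which is a bash extension to `test` and not part of POSIX. In a shell that implements only the POSIX operators (dash, for example) the comparison fails with an error status, so the branch is skipped and control reaches the `AC_MSG_ERROR` in the `else`. `--enable-asn=original` would then still be rejected on those systems. The `if` directly above already uses the portable form, so the line should read `elif test "$ENABLED_ASN" = "original"; then`.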
@ -6920,7 +6920,7 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
|
|||||||
|
|
||||||
if (tag == ASN_OBJECT_ID) {
|
if (tag == ASN_OBJECT_ID) {
|
||||||
if ((*algId == ECDSAk) && (eccOid != NULL)) {
|
if ((*algId == ECDSAk) && (eccOid != NULL)) {
|
||||||
if (GetObjectId(input, &idx, eccOid, oidCurveType, maxIdx) < 0)
|
if (GetObjectId(input, &idx, eccOid, oidCurveType, sz) < 0)
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -18590,6 +18590,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
|||||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
int length = 0;
|
int length = 0;
|
||||||
|
word32 numNames = 0;
|
||||||
|
|
||||||
WOLFSSL_ENTER("DecodeAltNames");
|
WOLFSSL_ENTER("DecodeAltNames");
|
||||||
|
|
||||||
@ -18622,8 +18623,13 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
|||||||
return BUFFER_E;
|
return BUFFER_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
current_byte = input[idx++];
|
numNames++;
|
||||||
|
if (numNames > WOLFSSL_MAX_ALT_NAMES) {
|
||||||
|
WOLFSSL_MSG("\tToo many subject alternative names");
|
||||||
|
return ASN_ALT_NAME_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
current_byte = input[idx++];
|
||||||
length--;
|
length--;
|
||||||
|
|
||||||
/* Save DNS Type names in the altNames list. */
|
/* Save DNS Type names in the altNames list. */
|
||||||
@ -20153,6 +20159,7 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
|
|||||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
word32 cnt = 0;
|
||||||
|
|
||||||
(void)heap;
|
(void)heap;
|
||||||
|
|
||||||
@ -20161,6 +20168,14 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
|
|||||||
word32 nameIdx;
|
word32 nameIdx;
|
||||||
byte b, bType;
|
byte b, bType;
|
||||||
|
|
||||||
|
if (limit > 0) {
|
||||||
|
cnt++;
|
||||||
|
if (cnt > limit) {
|
||||||
|
WOLFSSL_MSG("too many name constraints");
|
||||||
|
return ASN_NAME_INVALID_E;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (GetSequence(input, &idx, &seqLength, sz) < 0) {
|
if (GetSequence(input, &idx, &seqLength, sz) < 0) {
|
||||||
WOLFSSL_MSG("\tfail: should be a SEQUENCE");
|
WOLFSSL_MSG("\tfail: should be a SEQUENCE");
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
|
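Review bot: In the DecodeSubtree hunk the new cap is only enforced when `limit > 0`, so a caller that passes 0 gets no bound on the number of name-constraint subtrees parsed from the certificate. The DecodeAltNames check against `WOLFSSL_MAX_ALT_NAMES`, by contrast, is unconditional. `limit` is declared outside the visible lines (presumably a parameter), so the zero-means-unlimited contract cannot be seen at the check. I would add a comment above it such as `/* limit == 0 disables the cap; pass a non-zero limit when parsing untrusted certificates */`. The two new log strings also differ in style (`"\tToo many subject alternative names"` vs `"too many name constraints"`), and using the tab-prefixed form of the neighbouring `"\tfail: should be a SEQUENCE"` would keep the debug output consistent; both function bodies continue outside the hunks.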