From c2292c31b02e30b5ac7be08cf44e5ca1da965768 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Fri, 25 May 2012 16:32:10 -0700
Subject: [PATCH] fixed ASN.1 decoding bug in the basic ca constraint certificate extension
---
 ctaocrypt/src/asn.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index be6aa75a8..5ff6741c2 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -2078,6 +2078,10 @@ static void DecodeBasicCaConstraint(byte* input, int sz, DecodedCert* cert)
 CYASSL_ENTER("DecodeBasicCaConstraint");
 if (GetSequence(input, &idx, &length, sz) < 0) return;
+ if (length == 0) return;
+ /* If the basic ca constraint is false, this extension may be named, but
+ * left empty. So, if the length is 0, just return. */
+
+ if (input[idx++] != ASN_BOOLEAN) { CYASSL_MSG("\tfail: constraint not BOOLEAN");
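Review bot: The new `if (length == 0) return;` leaves `cert` untouched, so an empty basicConstraints SEQUENCE is treated as "not a CA" only if the CA flag in `cert` was zeroed before decoding; that initialisation is not visible in this hunk and is worth confirming, since a stale non-zero flag would let an end-entity certificate be accepted as an issuer. The explanatory comment also sits after the statement it describes; moving it above the check and naming the default would read better, e.g. `/* Empty SEQUENCE: cA takes its DEFAULT FALSE (RFC 5280 4.2.1.9); leave cert as initialised. */`. Because the function returns void, this return and the `GetSequence` failure return just above look the same to the caller, and only the later BOOLEAN check logs anything, so a `CYASSL_MSG` on the `GetSequence` failure path would help when triaging rejected certificates. The body of `DecodeBasicCaConstraint` starts and ends outside the hunk.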