wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7669 from JacobBarthelmeh/x509_dn

Browse Source 
sanity check for empty directory strings
This commit is contained in:
Sean Parkinson
2024-06-24 16:44:03 +10:00
committed by GitHub
parent 2312cb4563 8ee01ebaf2
commit f1b1483c63
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
wolfcrypt/src/asn.c
View File

@@ -13903,6 +13903,18 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
return ASN_PARSE_E; return ASN_PARSE_E;
} }
#ifndef WOLFSSL_NO_ASN_STRICT
/* RFC 5280 section 4.1.2.4 lists a DirecotryString as being
* 1..MAX in length */
if (strLen < 1) {
WOLFSSL_MSG("Non conforming DirectoryString of length 0 was"
" found");
WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow"
" empty DirectoryString's");
return ASN_PARSE_E;
}
#endif
if (id == ASN_COMMON_NAME) { if (id == ASN_COMMON_NAME) {
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectCN = (char *)&input[srcIdx]; cert->subjectCN = (char *)&input[srcIdx];
@@ -14533,6 +14545,18 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
/* Get string reference. */ /* Get string reference. */
GetASN_GetRef(&dataASN[RDNASN_IDX_ATTR_VAL], &str, &strLen); GetASN_GetRef(&dataASN[RDNASN_IDX_ATTR_VAL], &str, &strLen);
#ifndef WOLFSSL_NO_ASN_STRICT
/* RFC 5280 section 4.1.2.4 lists a DirecotryString as being
* 1..MAX in length */
if (ret == 0 && strLen < 1) {
WOLFSSL_MSG("Non conforming DirectoryString of length 0 was"
" found");
WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow"
" empty DirectoryString's");
ret = ASN_PARSE_E;
}
#endif
/* Convert BER tag to a OpenSSL type. */ /* Convert BER tag to a OpenSSL type. */
switch (tag) { switch (tag) {
case CTC_UTF8: case CTC_UTF8: