Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix

Ben Laurie
2013-09-20 14:39:33 +01:00
committed by Trevor Perrin
parent 7560f63909
commit 4f8a706dc7
3 changed files with 22 additions and 9 deletions


@@ -1206,6 +1206,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
long extension_length = 0;
char* name = NULL;
char* header = NULL;
char namePrefix[] = "SERVERINFO FOR ";
int ret = 0;
BIO *bin = NULL;
size_t num_extensions = 0;
@@ -1241,11 +1242,22 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
else /* End of file, we're done */
break;
}
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
if (strlen(name) < strlen(namePrefix))
{
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
goto end;
}
if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)
{
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
goto end;
}
/* Check that the decoded PEM data is plausible (valid length field) */
if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4)
{
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
goto end;
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
goto end;
}
/* Append the decoded extension to the serverinfo buffer */
serverinfo = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
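Review bot: The `strlen(name) < strlen(namePrefix)` test added ahead of the prefix comparison in the second hunk is redundant, because `strncmp` stops at the terminating NUL of `name`, so a shorter name already compares unequal and both branches raise the same `ERR_R_PEM_LIB` error. The two blocks can collapse into the single `if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)` test, and `namePrefix` in the first hunk could be declared `static const char namePrefix[] = "SERVERINFO FOR ";` since nothing visible writes to it. The comment says the name starts with "BEGIN SERVERINFO FOR " while the string compared is "SERVERINFO FOR "; presumably the PEM reader has already stripped "BEGIN ", and the comment should say that. The `end:` label lies outside the hunk, so it is worth confirming that the new `goto end` paths release the `name`, `header` and `extension` buffers of the current iteration.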