Add size limit to X509_NAME structure.
This adds an explicit limit to the size of an X509_NAME structure. Some parts of OpenSSL (e.g. TLS) already effectively limit the size due to restrictions on certificate size. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 295f3a24919157e2f9021d0b1709353710ad63db)
parent
6dfa55ab2f
commit
53d6c14bef
@ -66,6 +66,13 @@
|
|||||||
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
|
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
|
||||||
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
|
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Maximum length of X509_NAME: much larger than anything we should
|
||||||
|
* ever see in practice.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define X509_NAME_MAX (1024 * 1024)
|
||||||
|
|
||||||
static int x509_name_ex_d2i(ASN1_VALUE **val,
|
static int x509_name_ex_d2i(ASN1_VALUE **val,
|
||||||
const unsigned char **in, long len,
|
const unsigned char **in, long len,
|
||||||
const ASN1_ITEM *it,
|
const ASN1_ITEM *it,
|
||||||
@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
|
|||||||
int i, j, ret;
|
int i, j, ret;
|
||||||
STACK_OF(X509_NAME_ENTRY) *entries;
|
STACK_OF(X509_NAME_ENTRY) *entries;
|
||||||
X509_NAME_ENTRY *entry;
|
X509_NAME_ENTRY *entry;
|
||||||
|
if (len > X509_NAME_MAX) {
|
||||||
|
ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
q = p;
|
q = p;
|
||||||
|
|
||||||
/* Get internal representation of Name */
|
/* Get internal representation of Name */
|
||||||
|
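Review bot: The new check in x509_name_ex_d2i compares `len` against X509_NAME_MAX, but `len` is the input length handed to the decoder, which is not necessarily the encoded length of the name itself. If a caller passes the remainder of a larger enclosing buffer (plausible for a template-driven d2i callback, though the callers are not visible here), a short, valid name inside a structure over 1 MiB would be rejected with ASN1_R_TOO_LONG. Bounding the amount parsed instead of failing would keep the limit without that side effect: `if (len > X509_NAME_MAX) len = X509_NAME_MAX;`. The comment above the define could also state that the unit is bytes of encoded input and that the limit exists to bound the work done on untrusted names. The function body starts and ends outside the hunk.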