Add a guard for IP parsing in cert_req app

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Andrzej Kurek 2023-05-23 10:57:14 -04:00
parent 5d9aeba899
commit 0624e460fb


@ -159,8 +159,9 @@ int main(int argc, char *argv[])
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "csr example app"; const char *pers = "csr example app";
mbedtls_x509_san_list *cur, *prev; mbedtls_x509_san_list *cur, *prev;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
uint8_t ip[4] = { 0 }; uint8_t ip[4] = { 0 };
#endif
/* /*
* Set to sane values * Set to sane values
*/ */
@ -241,20 +242,29 @@ usage:
} else if (strcmp(q, "DNS") == 0) { } else if (strcmp(q, "DNS") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
} else if (strcmp(q, "IP") == 0) { } else if (strcmp(q, "IP") == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C)
size_t ip_len = 0; size_t ip_len = 0;
cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
if (ip_len == 0) { if (ip_len == 0) {
mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
subtype_value);
goto exit; goto exit;
} }
#else
mbedtls_printf("IP SAN parsing requires MBEDTLS_X509_CRT_PARSE_C to be defined");
goto exit;
#endif
} else { } else {
mbedtls_free(cur); mbedtls_free(cur);
goto usage; goto usage;
} }
if (strcmp(q, "IP") == 0) { if (strcmp(q, "IP") == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C)
cur->node.san.unstructured_name.p = (unsigned char *) ip; cur->node.san.unstructured_name.p = (unsigned char *) ip;
cur->node.san.unstructured_name.len = sizeof(ip); cur->node.san.unstructured_name.len = sizeof(ip);
#endif
} else { } else {
q = subtype_value; q = subtype_value;
cur->node.san.unstructured_name.p = (unsigned char *) q; cur->node.san.unstructured_name.p = (unsigned char *) q;
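Review bot: The guarded IP branch still compares `ip_len` only with 0, although `ip` is declared as `uint8_t ip[4]` and the SAN length is later hard-coded to `sizeof(ip)`. If mbedtls_x509_crt_parse_cn_inet_pton also accepts IPv6 text and writes 16 bytes (worth confirming against its header documentation), an IPv6 value on the command line would overrun the 4-byte stack buffer and be recorded with the wrong length. I would declare `uint8_t ip[16] = { 0 };`, move `ip_len` out of the inner block so it is still in scope, and set `cur->node.san.unstructured_name.len = ip_len;`. Separately, the new `#else` message lacks a trailing `\n`, and both `goto exit` paths skip the `mbedtls_free(cur)` that the `goto usage` branch performs, so `cur` looks leaked unless the exit label releases it. The enclosing parsing loop in main starts and ends outside these hunks, so the allocation and cleanup of `cur` should be checked there.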