- Added input handling for x509parse_crt()

- Prevented memory leak by only adding new certificate if needed in x509parse_crt()
 - Add certificate before parsing if chain is 'full' in x509parse_crt()
This commit is contained in:
Paul Bakker 2009-03-28 18:52:39 +00:00
parent ef75f25be7
commit 320a4b59a8

View file

@ -657,9 +657,32 @@ int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen )
crt = chain; crt = chain;
while( crt->version != 0 ) /*
* Check for valid input
*/
if( crt == NULL || buf == NULL )
return( 1 );
while( crt->version != 0 || crt->next != NULL )
crt = crt->next; crt = crt->next;
/*
* Add new certificate on the end of the chain if needed.
*/
if ( crt->next == NULL)
{
crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
if( crt->next == NULL )
{
x509_free( crt );
return( 1 );
}
crt = crt->next;
memset( crt, 0, sizeof( x509_cert ) );
}
/* /*
* check if the certificate is encoded in base64 * check if the certificate is encoded in base64
*/ */
@ -942,7 +965,7 @@ int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen )
return( ret ); return( ret );
} }
if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, 9 ) != 0 ) if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
{ {
x509_free( crt ); x509_free( crt );
return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH ); return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
@ -961,6 +984,8 @@ int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen )
POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
} }
if( buflen > 0 )
{
crt->next = (x509_cert *) malloc( sizeof( x509_cert ) ); crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
if( crt->next == NULL ) if( crt->next == NULL )
@ -972,8 +997,8 @@ int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen )
crt = crt->next; crt = crt->next;
memset( crt, 0, sizeof( x509_cert ) ); memset( crt, 0, sizeof( x509_cert ) );
if( buflen > 0 )
return( x509parse_crt( crt, buf, buflen ) ); return( x509parse_crt( crt, buf, buflen ) );
}
return( 0 ); return( 0 );
} }