- Added input handling for x509parse_crt()
- Prevented memory leak by only adding new certificate if needed in x509parse_crt()
- Add certificate before parsing if chain is 'full' in x509parse_crt()
parent
ef75f25be7
commit
320a4b59a8
1 changed files with 38 additions and 13 deletions
|
@ -657,9 +657,32 @@ int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen )
|
|||
|
||||
crt = chain;
|
||||
|
||||
while( crt->version != 0 )
|
||||
/*
|
||||
* Check for valid input
|
||||
*/
|
||||
if( crt == NULL || buf == NULL )
|
||||
return( 1 );
|
||||
|
||||
while( crt->version != 0 || crt->next != NULL )
|
||||
crt = crt->next;
|
||||
|
||||
/*
|
||||
* Add new certificate on the end of the chain if needed.
|
||||
*/
|
||||
if ( crt->next == NULL)
|
||||
{
|
||||
crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
|
||||
|
||||
if( crt->next == NULL )
|
||||
{
|
||||
x509_free( crt );
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
crt = crt->next;
|
||||
memset( crt, 0, sizeof( x509_cert ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* check if the certificate is encoded in base64
|
||||
*/
|
||||
|
@ -942,7 +965,7 @@ int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, 9 ) != 0 )
|
||||
if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
|
||||
{
|
||||
x509_free( crt );
|
||||
return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
|
||||
|
@ -961,6 +984,8 @@ int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen )
|
|||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||
}
|
||||
|
||||
if( buflen > 0 )
|
||||
{
|
||||
crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
|
||||
|
||||
if( crt->next == NULL )
|
||||
|
@ -972,8 +997,8 @@ int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen )
|
|||
crt = crt->next;
|
||||
memset( crt, 0, sizeof( x509_cert ) );
|
||||
|
||||
if( buflen > 0 )
|
||||
return( x509parse_crt( crt, buf, buflen ) );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
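Review bot: The new chain walk `while( crt->version != 0 || crt->next != NULL )` in the first hunk dereferences NULL once it reaches a populated last node (`version != 0`, `next == NULL`), which is the 'full' chain case the commit message sets out to handle. The condition should be `while( crt->version != 0 && crt->next != NULL )`, and the append guard `if( crt->version != 0 && crt->next == NULL )`, since as written `if ( crt->next == NULL)` also appends after an empty node and leaves a zeroed entry in the chain. In the second hunk, `memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len )` trusts the first OID's length for both buffers; checking `crt->sig_oid1.len != crt->sig_oid2.len` first would avoid reading past a shorter second OID taken from the certificate. The body of x509parse_crt starts and ends outside these hunks, and the old/new side of each line is inferred because the page lost its `+`/`-` markers.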