yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Correctly handle CertificateRequest with empty DN list in <= TLS 1.1

Browse source
This commit is contained in:
Paul Bakker 2013-01-22 13:45:33 +01:00
parent f626e1dd28
commit 9c94cddeae
2 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ChangeLog
View file

@ -4,6 +4,8 @@ PolarSSL ChangeLog
Bugfix Bugfix
* Memory leak when using RSA_PKCS_V21 operations fixed * Memory leak when using RSA_PKCS_V21 operations fixed
* Handle future version properly in ssl_write_certificate_request() * Handle future version properly in ssl_write_certificate_request()
* Correctly handle CertificateRequest message in client for <= TLS 1.1
without DN list
= Version 1.2.3 released 2012-11-26 = Version 1.2.3 released 2012-11-26
Bugfix Bugfix

9
library/ssl_cli.c
View file

@ -894,7 +894,7 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
{ {
int ret; int ret;
unsigned char *buf, *p; unsigned char *buf, *p;
size_t n = 0; size_t n = 0, m = 0;
size_t cert_type_len = 0, sig_alg_len = 0, dn_len = 0; size_t cert_type_len = 0, sig_alg_len = 0, dn_len = 0;
SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
@ -976,6 +976,7 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
| ( buf[6 + n] ) ); | ( buf[6 + n] ) );
p = buf + 7 + n; p = buf + 7 + n;
m += 2;
n += sig_alg_len; n += sig_alg_len;
if( ssl->in_hslen < 6 + n ) if( ssl->in_hslen < 6 + n )
@ -985,11 +986,11 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
} }
} }
dn_len = ( ( buf[7 + n] << 8 ) dn_len = ( ( buf[5 + m + n] << 8 )
| ( buf[8 + n] ) ); | ( buf[6 + m + n] ) );
n += dn_len; n += dn_len;
if( ssl->in_hslen != 9 + n ) if( ssl->in_hslen != 7 + m + n )
{ {
SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );