Merge pull request #2855 from irwir/fix_x509_crt.c

Remove non-working check from x509_get_subject_alt_name
2020-05-26 18:32:16 +02:00 · 2020-05-26 18:32:16 +02:00 · b1ccff8725
commit b1ccff8725
parent deacf60f79 d742a2416d
2 changed files with 3 additions and 5 deletions
--- a/ChangeLog.d/bugfix_PR2855.txt
+++ b/ChangeLog.d/bugfix_PR2855.txt
@ -0,0 +1,2 @@
+Bugfix
+   * Remove dead code in X.509 certificate parsing. Contributed by irwir in #2855.
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -652,10 +652,6 @@ static int x509_get_subject_alt_name( unsigned char **p,
        mbedtls_x509_subject_alternative_name dummy_san_buf;
        memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) );

-        if( ( end - *p ) < 1 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
        tag = **p;
        (*p)++;
        if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
@ -669,7 +665,7 @@ static int x509_get_subject_alt_name( unsigned char **p,
        }

        /*
-         * Check that the SAN are structured correct.
+         * Check that the SAN is structured correctly.
         */
        ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf );
        /*