1605074f97
When parsing a certificate with the basic constraints extension the max_pathlen that was read from it was incremented regardless of its value. However, if the max_pathlen is equal to INT_MAX (which is highly unlikely), an undefined behaviour would occur. This commit adds a check to ensure that such value is not accepted as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced. Certificates added in this commit were generated using the test_suite_x509write, function test_x509_crt_check. Input data taken from the "Certificate write check Server1 SHA1" test case, so the generated files are like the "server1.crt", but with the "is_ca" field set to 1 and max_pathlen as described by the file name. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> |
||
---|---|---|
.. | ||
.jenkins | ||
configs | ||
data_files | ||
docker/bionic | ||
git-scripts | ||
scripts | ||
suites | ||
.gitignore | ||
CMakeLists.txt | ||
compat-in-docker.sh | ||
compat.sh | ||
Descriptions.txt | ||
make-in-docker.sh | ||
Makefile | ||
psa_crypto_helpers.h | ||
psa_helpers.h | ||
ssl-opt-in-docker.sh | ||
ssl-opt.sh |