diff options
author | Patrick Monnerat <patrick@monnerat.net> | 2016-11-24 14:28:39 +0100 |
---|---|---|
committer | Patrick Monnerat <patrick@monnerat.net> | 2016-11-24 14:28:39 +0100 |
commit | 945f60e8a7f08aedb0eede5e3574f1972fc86ec8 (patch) | |
tree | 6a3479b7bdaf88a17f4f915846c1fddaff73873a /lib/vtls/gskit.c | |
parent | 3e9c0230f45cafb9154bb4fcdc8ff2b51f00701a (diff) | |
download | gnurl-945f60e8a7f08aedb0eede5e3574f1972fc86ec8.tar.gz gnurl-945f60e8a7f08aedb0eede5e3574f1972fc86ec8.tar.bz2 gnurl-945f60e8a7f08aedb0eede5e3574f1972fc86ec8.zip |
Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.
See CRL-01-006.
Diffstat (limited to 'lib/vtls/gskit.c')
-rw-r--r-- | lib/vtls/gskit.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c index e1dd9b6b0..2ccb9e47b 100644 --- a/lib/vtls/gskit.c +++ b/lib/vtls/gskit.c @@ -875,9 +875,8 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex) curl_X509certificate x509; curl_asn1Element *p; - if(!cert) + if(Curl_parseX509(&x509, cert, certend)) return CURLE_SSL_PINNEDPUBKEYNOTMATCH; - Curl_parseX509(&x509, cert, certend); p = &x509.subjectPublicKeyInfo; result = Curl_pin_peer_pubkey(data, ptr, p->header, p->end - p->header); if(result) { |