Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.

See CRL-01-006.
author: Patrick Monnerat <patrick@monnerat.net> 2016-11-24 14:28:39 +0100
committer: Patrick Monnerat <patrick@monnerat.net> 2016-11-24 14:28:39 +0100
commit: 945f60e8a7f08aedb0eede5e3574f1972fc86ec8 (patch)
tree: 6a3479b7bdaf88a17f4f915846c1fddaff73873a /lib/vtls/gskit.c
parent: 3e9c0230f45cafb9154bb4fcdc8ff2b51f00701a (diff)
download: gnurl-945f60e8a7f08aedb0eede5e3574f1972fc86ec8.tar.gz
gnurl-945f60e8a7f08aedb0eede5e3574f1972fc86ec8.tar.bz2
gnurl-945f60e8a7f08aedb0eede5e3574f1972fc86ec8.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index e1dd9b6b0..2ccb9e47b 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -875,9 +875,8 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
     curl_X509certificate x509;
     curl_asn1Element *p;
 
-    if(!cert)
+    if(Curl_parseX509(&x509, cert, certend))
       return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
-    Curl_parseX509(&x509, cert, certend);
     p = &x509.subjectPublicKeyInfo;
     result = Curl_pin_peer_pubkey(data, ptr, p->header, p->end - p->header);
     if(result) {
author	Patrick Monnerat <patrick@monnerat.net>	2016-11-24 14:28:39 +0100
committer	Patrick Monnerat <patrick@monnerat.net>	2016-11-24 14:28:39 +0100
commit	945f60e8a7f08aedb0eede5e3574f1972fc86ec8 (patch)
tree	6a3479b7bdaf88a17f4f915846c1fddaff73873a /lib/vtls/gskit.c
parent	3e9c0230f45cafb9154bb4fcdc8ff2b51f00701a (diff)
download	gnurl-945f60e8a7f08aedb0eede5e3574f1972fc86ec8.tar.gz gnurl-945f60e8a7f08aedb0eede5e3574f1972fc86ec8.tar.bz2 gnurl-945f60e8a7f08aedb0eede5e3574f1972fc86ec8.zip