openssl - Mirror of https://github.com/openssl/openssl

diff options

author	Dr. Stephen Henson <steve@openssl.org>	2016-05-04 16:09:06 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-05-04 17:40:53 +0100
commit	a1eef756cc1948ed4d1f175d97367aa2b24d962d (patch)
tree	fe3b01a44de9921ab36e1f412c20a15c2cf6d278 /apps
parent	b8c75aab217842e527bd6dbe21d1908484edfb03 (diff)

Fix name length limit check.

The name length limit check in x509_name_ex_d2i() includes the containing structure as well as the actual X509_NAME. This will cause large CRLs to be rejected. Fix by limiting the length passed to ASN1_item_ex_d2i() which will then return an error if the passed X509_NAME exceeds the length. RT#4531 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff)

Diffstat (limited to 'apps')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: