diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-05-04 16:09:06 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-05-04 17:40:53 +0100 |
commit | a1eef756cc1948ed4d1f175d97367aa2b24d962d (patch) | |
tree | fe3b01a44de9921ab36e1f412c20a15c2cf6d278 /apps | |
parent | b8c75aab217842e527bd6dbe21d1908484edfb03 (diff) |
Fix name length limit check.
The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.
Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.
RT#4531
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff)
Diffstat (limited to 'apps')
0 files changed, 0 insertions, 0 deletions