Fix name length limit check.

The name length limit check in x509_name_ex_d2i() includes the containing structure as well as the actual X509_NAME. This will cause large CRLs to be rejected. Fix by limiting the length passed to ASN1_item_ex_d2i() which will then return an error if the passed X509_NAME exceeds the length. RT#4531 Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-05-04 16:09:06 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2016-05-04 17:39:37 +0100
commit: 4e0d184ac1dde845ba9574872e2ae5c903c81dff (patch)
tree: d140e2448750d674e2f3fb25a4297a9b571da66b /crypto/x509
parent: c73aa309049c4f04ec81f0f1cf552eab8456a16e (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 72682fed70..662de64ef0 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -194,10 +194,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
     int i, j, ret;
     STACK_OF(X509_NAME_ENTRY) *entries;
     X509_NAME_ENTRY *entry;
-    if (len > X509_NAME_MAX) {
-        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
-        return 0;
-    }
+    if (len > X509_NAME_MAX)
+        len = X509_NAME_MAX;
     q = p;
 
     /* Get internal representation of Name */
author	Dr. Stephen Henson <steve@openssl.org>	2016-05-04 16:09:06 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-05-04 17:39:37 +0100
commit	4e0d184ac1dde845ba9574872e2ae5c903c81dff (patch)
tree	d140e2448750d674e2f3fb25a4297a9b571da66b /crypto/x509
parent	c73aa309049c4f04ec81f0f1cf552eab8456a16e (diff)