diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2009-05-30 18:10:59 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2009-05-30 18:10:59 +0000 |
| commit | f16411ccfd2849bf209d60d88eb5d69f2e63b211 (patch) | |
| tree | 489666e963244fec863297203d87bebf790ded2d /crypto/x509v3 | |
| parent | 2bbcd45b05031d9fdd72ad3db2f080962d393bed (diff) | |
Ensure canonical encodings of X509_NAME structures are valid.
Diffstat (limited to 'crypto/x509v3')
| -rw-r--r-- | crypto/x509v3/v3_ncons.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index ce5a8f6efc..689df46acd 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -376,6 +376,11 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) static int nc_dn(X509_NAME *nm, X509_NAME *base) { + /* Ensure canonical encodings are up to date. */ + if (nm->modified && i2d_X509_NAME(nm, NULL) < 0) + return X509_V_ERR_OUT_OF_MEM; + if (base->modified && i2d_X509_NAME(base, NULL) < 0) + return X509_V_ERR_OUT_OF_MEM; if (base->canon_enclen > nm->canon_enclen) return X509_V_ERR_PERMITTED_VIOLATION; if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) |