diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-01-03 01:40:53 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-01-03 01:40:53 +0000 |
commit | 85881c1d92cccda9ba26131a9102492de28a5a04 (patch) | |
tree | e38aef60a3055ad6212297247f755ebe82c1dc7d /crypto | |
parent | 968062b7d3a282467cef10bb687fe045b169eae2 (diff) |
PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509v3/v3_addr.c | 6 | ||||
-rw-r--r-- | crypto/x509v3/v3_asid.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 9087d66e0a..0d70e8696d 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -177,12 +177,18 @@ static int i2r_address(BIO *out, unsigned char addr[ADDR_RAW_BUF_LEN]; int i, n; + if (bs->length < 0) + return 0; switch (afi) { case IANA_AFI_IPV4: + if (bs->length > 4) + return 0; addr_expand(addr, bs, 4, fill); BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); break; case IANA_AFI_IPV6: + if (bs->length > 16) + return 0; addr_expand(addr, bs, 16, fill); for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) ; diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 2b8c0a0824..da0029a011 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -372,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) int v3_asid_is_canonical(ASIdentifiers *asid) { return (asid == NULL || - (ASIdentifierChoice_is_canonical(asid->asnum) || + (ASIdentifierChoice_is_canonical(asid->asnum) && ASIdentifierChoice_is_canonical(asid->rdi))); } |