Fix nc_email to check ASN1 strings with NULL byte in the middle

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16524) (cherry picked from commit 485d0790ac1a29a0d4e7391d804810d485890376)
author: Nikita Ivanov <nivanov@cloudlinux.com> 2021-09-07 11:31:17 +0300
committer: Pauli <pauli@openssl.org> 2021-09-13 17:04:13 +1000
commit: 9e44ffc281326330937eee0e94b6fd4bfcaa98eb (patch)
tree: 2ed292a428beb43eba62b37c8f947a2abe5c2f3e /crypto
parent: 2753b6ff7f0b91c7ddeb72a6a08948ca28d12a91 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index d985aa91da..60cb4ceaa8 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -602,6 +602,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
         if (baseat != baseptr) {
             if ((baseat - baseptr) != (emlat - emlptr))
                 return X509_V_ERR_PERMITTED_VIOLATION;
+            if (memchr(baseptr, 0, baseat - baseptr) ||
+                memchr(emlptr, 0, emlat - emlptr))
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
             /* Case sensitive match of local part */
             if (strncmp(baseptr, emlptr, emlat - emlptr))
                 return X509_V_ERR_PERMITTED_VIOLATION;
author	Nikita Ivanov <nivanov@cloudlinux.com>	2021-09-07 11:31:17 +0300
committer	Pauli <pauli@openssl.org>	2021-09-13 17:04:13 +1000
commit	9e44ffc281326330937eee0e94b6fd4bfcaa98eb (patch)
tree	2ed292a428beb43eba62b37c8f947a2abe5c2f3e /crypto
parent	2753b6ff7f0b91c7ddeb72a6a08948ca28d12a91 (diff)