Add checks to X509_NAME_oneline()

Sanity check field lengths and sums to avoid potential overflows and reject excessively large X509_NAME structures. Issue reported by Guido Vranken. Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-04-28 19:45:44 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2016-04-29 19:42:21 +0100
commit: 77076dc944f76e821e4eae3a6563b853ce00c0ed (patch)
tree: 9860d1901021d2423d8e1d0fef028d2591fc6740 /include
parent: b33d1141b6dcce947708b984c5e9e91dad3d675d (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index a36500c8c2..009ee6aa4c 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1122,6 +1122,7 @@ void ERR_load_X509_strings(void);
 # define X509_R_LOADING_CERT_DIR                          103
 # define X509_R_LOADING_DEFAULTS                          104
 # define X509_R_METHOD_NOT_SUPPORTED                      124
+# define X509_R_NAME_TOO_LONG                             134
 # define X509_R_NEWER_CRL_NOT_NEWER                       132
 # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
 # define X509_R_NO_CRL_NUMBER                             130
author	Dr. Stephen Henson <steve@openssl.org>	2016-04-28 19:45:44 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-04-29 19:42:21 +0100
commit	77076dc944f76e821e4eae3a6563b853ce00c0ed (patch)
tree	9860d1901021d2423d8e1d0fef028d2591fc6740 /include
parent	b33d1141b6dcce947708b984c5e9e91dad3d675d (diff)