From f4a4a0fdc7843c927f23113771e8cdbf4d05089a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 3 Jan 2011 01:40:22 +0000
Subject: PR: 2411 Submitted by: Rob Austein <sra@hactrn.net> Reviewed by:
 steve

Fix corner cases in RFC3779 code.
---
 crypto/x509v3/v3_addr.c | 6 ++++++
 crypto/x509v3/v3_asid.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'crypto')

diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index efdf7c3ba7..d97944f848 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
   unsigned char addr[ADDR_RAW_BUF_LEN];
   int i, n;
 
+  if (bs->length < 0)
+    return 0;
   switch (afi) {
   case IANA_AFI_IPV4:
+    if (bs->length > 4)
+      return 0;
     addr_expand(addr, bs, 4, fill);
     BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
     break;
   case IANA_AFI_IPV6:
+    if (bs->length > 16)
+      return 0;
     addr_expand(addr, bs, 16, fill);
     for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
       ;
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index eba479665e..cff04a3558 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -372,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 int v3_asid_is_canonical(ASIdentifiers *asid)
 {
   return (asid == NULL ||
-	  (ASIdentifierChoice_is_canonical(asid->asnum) ||
+	  (ASIdentifierChoice_is_canonical(asid->asnum) &&
 	   ASIdentifierChoice_is_canonical(asid->rdi)));
 }
 
-- 
cgit v1.2.3