Home Explore Help
Register Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 1
Files Issues 1 Wiki
Browse Source

Fix nc_email to check ASN1 strings with NULL byte in the middle

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16524)
Nikita Ivanov 2 years ago
parent
cc0d1b03a9
commit
485d0790ac
1 changed files with 3 additions and 0 deletions
Split View Show Diff Stats
  1. 3 0
      crypto/x509/v3_ncons.c

+ 3 - 0
crypto/x509/v3_ncons.c
View File 

@@ -714,6 +714,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
 
         if (baseat != baseptr) {
 
             if ((baseat - baseptr) != (emlat - emlptr))
 
                 return X509_V_ERR_PERMITTED_VIOLATION;
 
+            if (memchr(baseptr, 0, baseat - baseptr) ||
 
+                memchr(emlptr, 0, emlat - emlptr))
 
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 
             /* Case sensitive match of local part */
 
             if (strncmp(baseptr, emlptr, emlat - emlptr))
 
                 return X509_V_ERR_PERMITTED_VIOLATION;