From 945f60e8a7f08aedb0eede5e3574f1972fc86ec8 Mon Sep 17 00:00:00 2001
From: Patrick Monnerat
Date: Thu, 24 Nov 2016 14:28:39 +0100
Subject: Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows. See CRL-01-006.
---
 lib/vtls/cyassl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'lib/vtls/cyassl.c')
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 39248d2c7..f0c0f4a07 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -512,7 +512,8 @@ cyassl_connect_step2(struct connectdata *conn,
 }
 memset(&x509_parsed, 0, sizeof x509_parsed);
- Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len);
+ if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len))
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
 pubkey = &x509_parsed.subjectPublicKeyInfo;
 if(!pubkey->header || pubkey->end <= pubkey->header) {
-- 
cgit v1.2.3
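Review bot: The failure path added after `Curl_parseX509()` returns `CURLE_SSL_PINNEDPUBKEYNOTMATCH` without logging anything, so a certificate the parser rejects (for instance through the size limit named in the commit subject) cannot be told apart from a genuine pin mismatch. Failing closed here is the right behaviour; what is missing is the diagnostic. I would brace the branch and add a message before the `return`, e.g. `failf(conn->data, "SSL: failed parsing server certificate");`, plus a short comment that the parser can now fail on oversized or malformed ASN.1. The body of cyassl_connect_step2 starts and ends outside this hunk, so whether the neighbouring checks log their failures cannot be confirmed from here.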