From 945f60e8a7f08aedb0eede5e3574f1972fc86ec8 Mon Sep 17 00:00:00 2001
From: Patrick Monnerat <patrick@monnerat.net>
Date: Thu, 24 Nov 2016 14:28:39 +0100
Subject: Limit ASN.1 structure sizes to 256K. Prevent some allocation size
 overflows. See CRL-01-006.

---
 lib/vtls/gskit.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'lib/vtls/gskit.c')

diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index e1dd9b6b0..2ccb9e47b 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -875,9 +875,8 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
     curl_X509certificate x509;
     curl_asn1Element *p;
 
-    if(!cert)
+    if(Curl_parseX509(&x509, cert, certend))
       return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
-    Curl_parseX509(&x509, cert, certend);
     p = &x509.subjectPublicKeyInfo;
     result = Curl_pin_peer_pubkey(data, ptr, p->header, p->end - p->header);
     if(result) {
-- 
cgit v1.2.3