From 945f60e8a7f08aedb0eede5e3574f1972fc86ec8 Mon Sep 17 00:00:00 2001
From: Patrick Monnerat <patrick@monnerat.net>
Date: Thu, 24 Nov 2016 14:28:39 +0100
Subject: Limit ASN.1 structure sizes to 256K. Prevent some allocation size
 overflows. See CRL-01-006.

---
 lib/vtls/cyassl.c | 3 ++-
 lib/vtls/gskit.c  | 3 +--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib/vtls')

diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 39248d2c7..f0c0f4a07 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -512,7 +512,8 @@ cyassl_connect_step2(struct connectdata *conn,
     }
 
     memset(&x509_parsed, 0, sizeof x509_parsed);
-    Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len);
+    if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len))
+      return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
 
     pubkey = &x509_parsed.subjectPublicKeyInfo;
     if(!pubkey->header || pubkey->end <= pubkey->header) {
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index e1dd9b6b0..2ccb9e47b 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -875,9 +875,8 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
     curl_X509certificate x509;
     curl_asn1Element *p;
 
-    if(!cert)
+    if(Curl_parseX509(&x509, cert, certend))
       return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
-    Curl_parseX509(&x509, cert, certend);
     p = &x509.subjectPublicKeyInfo;
     result = Curl_pin_peer_pubkey(data, ptr, p->header, p->end - p->header);
     if(result) {
-- 
cgit v1.2.3