| author | Michael Brown | 2012-05-08 11:38:04 +0200 |
|---|---|---|
| committer | Michael Brown | 2012-05-08 13:49:01 +0200 |
| commit | 6c8fcd4bb31d2c4da90e94d78363182d1e92a6c7 (patch) | |
| tree | ef5c7a9d22eb645a628909657fc015f4f202fe76 | |
| parent | [crypto] Allow for X.509 certificates with no common name (diff) | |
[crypto] Check that common name contains no NUL characters
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/crypto/x509.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 3261b8eb6..356b60a36 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -575,6 +575,15 @@ static int x509_parse_common_name ( struct x509_certificate *cert, char **name,
 if ( ! *name )
 return -ENOMEM;
 memcpy ( *name, name_cursor.data, name_cursor.len );
+
+ /* Check that name contains no NULs */
+ if ( strlen ( *name ) != name_cursor.len ) {
+ DBGC ( cert, "X509 %p contains malicious commonName:\n",
+ cert );
+ DBGC_HDA ( cert, 0, raw->data, raw->len );
+ return rc;
+ }
+
 return 0;
 } |
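Review bot: The new rejection branch ends in `return rc;`, yet nothing in the hunk gives rc a failure value there; if rc still holds the result of the last successful call (the rest of x509_parse_common_name lies outside the hunk), a commonName with an embedded NUL is reported as success and the caller keeps the truncated string, which is the name-confusion case this check is meant to stop. An explicit code such as `return -EINVAL;` makes the rejection unconditional. The buffer already stored in `*name` is also left allocated on this path, so unless the caller releases it on error I would free it and set `*name = NULL;` before returning. The strlen() comparison is only sound if the allocation above the hunk is name_cursor.len + 1 bytes and zero-filled; a short comment saying so, e.g. `/* relies on the NUL terminator from the zeroed len+1 allocation */`, would help the next reader.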
