Ensure canonical encodings of X509_NAME structures are valid.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 30 May 2009 18:10:59 +0000 (18:10 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 30 May 2009 18:10:59 +0000 (18:10 +0000)
crypto/x509/x509_cmp.c
crypto/x509v3/v3_ncons.c

index 306d4b2d735db1f7e13530a94071fee494d4d139..2e444f28483e0f5b960249bd35d0f8b7b31b504a 100644 (file)
@@ -173,16 +173,16 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
        {
        int ret;
 
-       /* Ensure canonical encoding is present */
+       /* Ensure canonical encoding is present and up to date */
 
-       if (!a->canon_enc)
+       if (!a->canon_enc || a->modified)
                {
                ret = i2d_X509_NAME((X509_NAME *)a, NULL);
                if (ret < 0)
                        return -2;
                }
 
-       if (!b->canon_enc)
+       if (!b->canon_enc || b->modified)
                {
                ret = i2d_X509_NAME((X509_NAME *)b, NULL);
                if (ret < 0)
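Review bot: The `(X509_NAME *)a` cast on the i2d_X509_NAME call discards the const qualifier of the parameter, and with the added `a->modified` condition that call now also runs on names that already carry an encoding, rewriting canon_enc (and presumably clearing the modified flag) on an object the signature promises not to touch. A one-line comment would stop the next reader from "fixing" the cast, e.g. `/* i2d_X509_NAME regenerates canon_enc and resets modified; the const cast is deliberate */`, and the same applies to the b branch below. The refresh matters because X509_NAME_cmp drives issuer/subject matching, and comparing a stale canonical encoding could make two distinct names compare equal or equal names compare different. The rest of X509_NAME_cmp continues past the end of the hunk.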
index ce5a8f6efc076506b16806e8bf1d45a432e2d07b..689df46acdc4a4b3e418bd8f738644be80009041 100644 (file)
@@ -376,6 +376,11 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
 
 static int nc_dn(X509_NAME *nm, X509_NAME *base)
        {
+       /* Ensure canonical encodings are up to date.  */
+       if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+               return X509_V_ERR_OUT_OF_MEM;
+       if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+               return X509_V_ERR_OUT_OF_MEM;
        if (base->canon_enclen > nm->canon_enclen)
                return X509_V_ERR_PERMITTED_VIOLATION;
        if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
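Review bot: The new guards in nc_dn re-encode only when `modified` is set, whereas the companion change in X509_NAME_cmp also re-encodes when `canon_enc` is NULL; if a name can reach the memcmp below with no canonical encoding and the flag clear, the comparison reads through a NULL pointer, so unless every X509_NAME is guaranteed to start life with modified set the guard should be `if ((!nm->canon_enc || nm->modified) && i2d_X509_NAME(nm, NULL) < 0)` and likewise for base. Separately, i2d_X509_NAME can fail for reasons other than allocation, so mapping every failure to X509_V_ERR_OUT_OF_MEM is an approximation worth recording, e.g. `/* any encoding failure is reported as OUT_OF_MEM; i2d gives no finer cause */`. The body of nc_dn continues below the hunk.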