From: Dr. Stephen Henson Date: Thu, 28 Apr 2016 11:55:29 +0000 (+0100) Subject: Add size limit to X509_NAME structure. X-Git-Tag: OpenSSL_1_1_0-pre6~983 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=295f3a24919157e2f9021d0b1709353710ad63db;p=oweals%2Fopenssl.git Add size limit to X509_NAME structure. This adds an explicit limit to the size of an X509_NAME structure. Some part of OpenSSL (e.g. TLS) already effectively limit the size due to restrictions on certificate size. Reviewed-by: Matt Caswell --- diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index cd6c719044..72682fed70 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -64,6 +64,13 @@ #include "internal/asn1_int.h" #include "x509_lcl.h" +/* + * Maximum length of X509_NAME: much larger than anything we should + * ever see in practice. + */ + +#define X509_NAME_MAX (1024 * 1024) + static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, @@ -187,6 +194,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, int i, j, ret; STACK_OF(X509_NAME_ENTRY) *entries; X509_NAME_ENTRY *entry; + if (len > X509_NAME_MAX) { + ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG); + return 0; + } q = p; /* Get internal representation of Name */
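Review bot: The comment above `X509_NAME_MAX` gives no unit and does not say which length is bounded. In the second hunk the macro is compared with the `len` argument of x509_name_ex_d2i, so it is a byte count of encoded input. I would write `/* Maximum encoded length of an X509_NAME in bytes (1 MiB); longer input is rejected by x509_name_ex_d2i(). */`. The added blank line between the comment and the `#define` can go, so the comment stays attached to the macro.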
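Review bot: The new guard in x509_name_ex_d2i compares `len` with X509_NAME_MAX, but `len` looks like the number of bytes available to the decoder rather than the encoded length of the name itself. If so, a name embedded in a larger object, such as a CRL over 1 MiB, would presumably be rejected even though the name is small. The decode call that consumes `len` is outside the hunk, so this needs confirming against it. If it holds, clamping keeps the bound without the false rejection: `if (len > X509_NAME_MAX) len = X509_NAME_MAX;`, which leaves the inner decoder to fail when the name really runs past the cap. A regression test that parses a structure larger than the limit with an ordinary issuer name would pin the behaviour.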