From 19091ac236ee305f9ccccd2b88137509eab6a0f9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 3 Jan 2011 01:40:34 +0000 Subject: [PATCH] PR: 2411 Submitted by: Rob Austein Reviewed by: steve Fix corner cases in RFC3779 code. --- crypto/x509v3/v3_addr.c | 6 ++++++ crypto/x509v3/v3_asid.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 9087d66e0a..0d70e8696d 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -177,12 +177,18 @@ static int i2r_address(BIO *out, unsigned char addr[ADDR_RAW_BUF_LEN]; int i, n; + if (bs->length < 0) + return 0; switch (afi) { case IANA_AFI_IPV4: + if (bs->length > 4) + return 0; addr_expand(addr, bs, 4, fill); BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); break; case IANA_AFI_IPV6: + if (bs->length > 16) + return 0; addr_expand(addr, bs, 16, fill); for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) ; diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 2b8c0a0824..da0029a011 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -372,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) int v3_asid_is_canonical(ASIdentifiers *asid) { return (asid == NULL || - (ASIdentifierChoice_is_canonical(asid->asnum) || + (ASIdentifierChoice_is_canonical(asid->asnum) && ASIdentifierChoice_is_canonical(asid->rdi))); } -- 2.25.1