Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
(cherry picked from commit b00ca42f2a26133172d9df9304bfbc9b093a43dc)
Conflicts:
ChangeLog (Moved message to 'Branch 1.1')
diff --git a/library/x509parse.c b/library/x509parse.c
index 25df0f7..c9aa738 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -1018,7 +1018,7 @@
{
int ret;
size_t len;
- unsigned char *p, *end;
+ unsigned char *p, *end, *crt_end;
/*
* Check for valid input
@@ -1052,13 +1052,14 @@
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
}
- if( len != (size_t) ( end - p ) )
+ if( len > (size_t) ( end - p ) )
{
x509_free( crt );
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
-
+ crt_end = p + len;
+
/*
* TBSCertificate ::= SEQUENCE {
*/
@@ -1228,7 +1229,7 @@
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
- end = crt->raw.p + crt->raw.len;
+ end = crt_end;
/*
* signatureAlgorithm AlgorithmIdentifier,