Add POLARSSL_X509_MAX_INTERMEDIATE_CA
diff --git a/ChangeLog b/ChangeLog
index cae9e01..7bb1727 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,8 @@
 Changes
    * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
    * Forbid repeated extensions in X.509 certificates.
+   * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
+     length of an X.509 verification chain (default = 8).
 
 = Version 1.2.12 released 2014-10-24
 
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 8b6a862..b12e7fb 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -1021,6 +1021,10 @@
 //
 #define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
 
+// X509 options
+//
+#define POLARSSL_X509_MAX_INTERMEDIATE_CA   8 /**< Maximum number of intermediate CAs in a verification chain. */
+
 #endif /* POLARSSL_CONFIG_OPTIONS */
 
 /* \} name */
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 1dbc40d..0f3bd07 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -36,6 +36,18 @@
  * \{ 
  */
  
+#if !defined(POLARSSL_CONFIG_OPTIONS)
+/**
+ * Maximum number of intermediate CAs in a verification chain.
+ * That is, maximum length of the chain, excluding the end-entity certificate
+ * and the trusted root certificate.
+ *
+ * Set this to a low value to prevent an adversary from making you waste
+ * resources verifying an overlong certificate chain.
+ */
+#define POLARSSL_X509_MAX_INTERMEDIATE_CA   8
+#endif
+
 /** 
  * \name X509 Error codes
  * \{
diff --git a/library/x509parse.c b/library/x509parse.c
index 2ac02e1..54110ba 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3502,6 +3502,13 @@
     unsigned char hash[64];
     x509_cert *grandparent;
 
+    /* path_cnt is 0 for the first intermediate CA */
+    if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA )
+    {
+        *flags |= BADCERT_NOT_TRUSTED;
+        return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
+    }
+
     if( x509parse_time_expired( &child->valid_to ) )
         *flags |= BADCERT_EXPIRED;
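Review bot: The new chain-length rejection at the top of the hunk reports itself as `BADCERT_NOT_TRUSTED`, so a caller cannot tell an over-long chain from a chain whose issuer is simply unknown; if this version has a more specific verification flag, it belongs here, otherwise the choice should be recorded in the comment so it is not later "fixed" by accident. The comment on the check should also say why it sits before any other validation: it is what bounds the work (and, as far as the visible code suggests, the recursion depth of this function) an attacker can force with a long chain, which is the property the new option exists to provide. Suggested comment: `/* path_cnt is 0 for the first intermediate CA. Reject over-long chains before doing any other work so the cost an adversary can impose is bounded; reported as NOT_TRUSTED for lack of a dedicated flag. */`. The enclosing function starts before this hunk, so whether `path_cnt` can ever be negative or whether every caller increments it consistently cannot be confirmed from here.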