Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced is
MBEDTLS_X509_MAX_FILE_PATH_LEN.
diff --git a/ChangeLog b/ChangeLog
index 2007c41..662ed8f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -44,6 +44,9 @@
buffer.
* Fix invalid buffer sizes passed to zlib during record compression and
decompression.
+ * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to
+ configure the maximum length of a file path that can be buffered when
+ calling mbedtls_x509_crt_parse_path().
Changes
* Improve testing in configurations that omit certain hashes or
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 0444eb1..9689643 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2492,6 +2492,7 @@
/* X509 options */
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
/**
* Allow SHA-1 in the default TLS configuration for certificate signing.
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index f82f91f..3548b9a 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -120,6 +120,10 @@
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
+#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
+#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
+#endif
+
/**
* Container for writing a certificate (CRT)
*/
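Review bot: The fallback `#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512` has no comment and no lower-bound check, although this commit uses the value to size the automatic array `entry_name` in library/x509_crt.c. I would add `/* Size in bytes, including the terminating '\0', of the path buffer used by mbedtls_x509_crt_parse_path(). */` above it. Unusable settings can be rejected at compile time with `#if MBEDTLS_X509_MAX_FILE_PATH_LEN < 2` / `#error "MBEDTLS_X509_MAX_FILE_PATH_LEN is too small"` / `#endif`. Because the buffer is on the stack, a large configured value raises that function's stack usage, which is worth a sentence in the config.h description for constrained targets.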
diff --git a/library/x509_crt.c b/library/x509_crt.c
index e797355..f567afc 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1169,9 +1169,10 @@
FindClose( hFind );
#else /* _WIN32 */
int t_ret;
+ int snp_ret;
struct stat sb;
struct dirent *entry;
- char entry_name[255];
+ char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
DIR *dir = opendir( path );
if( dir == NULL )
@@ -1187,11 +1188,16 @@
while( ( entry = readdir( dir ) ) != NULL )
{
- mbedtls_snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name );
+ snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
+ "%s/%s", path, entry->d_name );
- if( stat( entry_name, &sb ) == -1 )
+ if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
{
- closedir( dir );
+ ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ goto cleanup;
+ }
+ else if( stat( entry_name, &sb ) == -1 )
+ {
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
goto cleanup;
}
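Review bot: The new truncation branch needs a why-comment, and its return value should be documented for callers, because an over-long `path`/`d_name` pair now ends the whole directory scan with `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL`. A comment such as `/* Never stat() or parse a truncated name: it could resolve to a different file. */` above the `snp_ret` check would record the reason for failing closed. The assignment also overwrites whatever was accumulated through `ret += t_ret` (visible in the next hunk) on earlier iterations. If that is intended, the description of mbedtls_x509_crt_parse_path() should list the new error code and say that one over-long entry fails the whole call. The loop body continues outside this hunk.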
@@ -1207,9 +1213,10 @@
else
ret += t_ret;
}
- closedir( dir );
cleanup:
+ closedir( dir );
+
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
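Review bot: With `closedir( dir )` moved below the `cleanup:` label, every path that reaches the label must hold a successfully opened `dir`, and that invariant is not stated anywhere in the visible code. The body of the `if( dir == NULL )` branch and any mutex-lock failure path lie outside these hunks, so please confirm they return before the label rather than jumping to it, since `closedir( NULL )` is undefined behaviour. A short comment at the label, e.g. `/* dir is always open here; early failures return before this point */`, would keep later `goto cleanup` additions safe. The return value of `closedir()` is still ignored, which looks acceptable for a read-only scan but could be noted in the same comment.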