author | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-05-05 11:21:12 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-05-29 11:05:04 +0200 |
commit | 38a8ecadb7d9e183d1c869ad0b8f60a12f9d34d4 (patch) | |
tree | 7c7556af097ca3db1e8849f9b6487cef55f87913 | |
parent | f2f9edbbc0cc330d5ce02d177577cc1f1d510c93 (diff) | |
x509: nameConstraints sequence does not require a loop
Fixes: CVE-2017-9023
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 8f1901da8..974e687f9 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -933,14 +933,13 @@ end:
 * ASN.1 definition of nameConstraints
 */
 static const asn1Object_t nameConstraintsObjects[] = {
- { 0, "nameConstraints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
+ { 0, "nameConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
 { 1, "permittedSubtrees", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 1 */
 { 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 2 */
 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 3 */
 { 1, "excludedSubtrees", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_LOOP }, /* 4 */
 { 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */
 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 6 */
- { 0, "end loop", ASN1_EOC, ASN1_END }, /* 7 */
 { 0, "exit", ASN1_EOC, ASN1_EXIT }
 };
 #define NAME_CONSTRAINT_PERMITTED 2 |
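Review bot: Entry 0 of `nameConstraintsObjects` carries no comment saying why the outer SEQUENCE must stay `ASN1_NONE`, so a later edit could restore the loop flag that this commit ties to CVE-2017-9023. I would add a line above it such as `/* single SEQUENCE, not SEQUENCE OF: must not be ASN1_LOOP (CVE-2017-9023) */`. The level-0 `"exit"` row becomes index 7 once the old `/* 7 */` row is removed and could carry that marker for consistency. `NAME_CONSTRAINT_PERMITTED 2` still points at the first `generalSubtree` row, since the removed row comes after every index used in this hunk. No regression test is visible in this commit; a parser test that feeds a certificate with a malformed nameConstraints extension and asserts that parsing terminates with an error would guard the fix.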