Unwrap crlNumber INTEGER in openssl CRL parsing

author: Martin Willi <martin@revosec.ch> 2010-08-30 11:22:54 +0200
committer: Martin Willi <martin@revosec.ch> 2010-08-30 11:23:46 +0200
commit: 2291754ddf02b0903b18533782610407d9d3ad8b (patch)
tree: 49f88a96d6d2414932235aee45413a4b6f20ebac /src/libstrongswan/plugins/openssl/openssl_crl.c
parent: 21f80e9dbc73176cfc3c79ac20fc2ec98518eb2a (diff)
download: strongswan-2291754ddf02b0903b18533782610407d9d3ad8b.tar.bz2
strongswan-2291754ddf02b0903b18533782610407d9d3ad8b.tar.xz
1 files changed, 13 insertions, 4 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 5645d72d7..b9d97a901 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -416,10 +416,19 @@ static bool parse_authKeyIdentifier_ext(private_openssl_crl_t *this,
 static bool parse_crlNumber_ext(private_openssl_crl_t *this,
 								X509_EXTENSION *ext)
 {
-	free(this->serial.ptr);
-	this->serial = chunk_clone(
-						openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext)));
-	return this->serial.len != 0;
+	chunk_t chunk;
+
+	chunk = openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext));
+	/* quick and dirty INTEGER unwrap */
+	if (chunk.len > 1 && chunk.ptr[0] == V_ASN1_INTEGER &&
+		chunk.ptr[1] == chunk.len - 2)
+	{
+		chunk = chunk_skip(chunk, 2);
+		free(this->serial.ptr);
+		this->serial = chunk_clone(chunk);
+		return TRUE;
+	}
+	return FALSE;
 }
 
 /**
author	Martin Willi <martin@revosec.ch>	2010-08-30 11:22:54 +0200
committer	Martin Willi <martin@revosec.ch>	2010-08-30 11:23:46 +0200
commit	2291754ddf02b0903b18533782610407d9d3ad8b (patch)
tree	49f88a96d6d2414932235aee45413a4b6f20ebac /src/libstrongswan/plugins/openssl/openssl_crl.c
parent	21f80e9dbc73176cfc3c79ac20fc2ec98518eb2a (diff)
download	strongswan-2291754ddf02b0903b18533782610407d9d3ad8b.tar.bz2 strongswan-2291754ddf02b0903b18533782610407d9d3ad8b.tar.xz