diff options
| author | Martin Willi <martin@revosec.ch> | 2012-11-29 16:12:45 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2012-12-19 10:32:08 +0100 |
| commit | 71dd4e78954fce85f2891e38e78d38034c443d61 (patch) | |
| tree | 8360a35a43b4ec4204046403ff9465b92c02346e /src/libstrongswan/plugins | |
| parent | 3c820cdc232ac7a8613b8c4c5b5ddcc498578c0d (diff) | |
| download | strongswan-71dd4e78954fce85f2891e38e78d38034c443d61.tar.bz2 strongswan-71dd4e78954fce85f2891e38e78d38034c443d61.tar.xz | |
Don't handle PKCS#7 containers with infinite length encodings in pkcs7 plugin
Diffstat (limited to 'src/libstrongswan/plugins')
| -rw-r--r-- | src/libstrongswan/plugins/pkcs7/pkcs7_generic.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c index 0a8b1bbd0..13fe5f54a 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c @@ -114,6 +114,12 @@ pkcs7_t *pkcs7_generic_load(container_type_t type, va_list args) } if (blob.len) { + if (blob.len >= 2 && + blob.ptr[0] == ASN1_SEQUENCE && blob.ptr[1] == 0x80) + { /* looks like infinite lenght BER encoding, but we can't handle it. + * ignore silently, our openssl backend can handle it */ + return NULL; + } return parse_contentInfo(blob); } return NULL; |