authorTobias Brunner <tobias@strongswan.org>2016-10-03 12:15:10 +0200
committerAndreas Steffen <andreas.steffen@strongswan.org>2016-10-11 17:18:22 +0200
commit790847d17c27c412b68a91a7f8505fbc083fa567 (patch)
treea01907d1a17146ddffb6c50a9eb1cc4de3345667 /src/pki/commands/signcrl.c
parent49d9266c31383ee3494a6762def70fa9b75829c3 (diff)
pki: Don't remove zero bytes in CRL serials anymore
This was added a few years ago because pki --signcrl once encoded serials incorrectly as eight byte blobs. But still ensure we can handle overflows in case the serial is encoded incorrectly without zero-prefix.
Diffstat (limited to 'src/pki/commands/signcrl.c')
-rw-r--r--src/pki/commands/signcrl.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 6d873d326..b9cf9c466 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -376,14 +376,15 @@ static int sign_crl()
lastenum = enumerator_create_empty();
}
- /* remove superfluous leading zeros */
- while (crl_serial.len > 1 && crl_serial.ptr[0] == 0x00 &&
- (crl_serial.ptr[1] & 0x80) == 0x00)
+ if (!crl_serial.len || crl_serial.ptr[0] & 0x80)
+ { /* add leading 0x00 to handle potential overflow if serial is encoded
+ * incorrectly */
+ crl_serial = chunk_cat("cc", chunk_from_chars(0x00), crl_serial);
+ }
+ else
{
- crl_serial = chunk_skip_zero(crl_serial);
+ crl_serial = chunk_clone(crl_serial);
}
- crl_serial = chunk_clone(crl_serial);
-
/* increment the serial number by one */
chunk_increment(crl_serial);
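Review bot: The sign-bit test in the new `if` runs before `chunk_increment(crl_serial)`, so a serial whose first byte is below 0x80 can still carry into the top bit (a constructed example: `7f ff` becomes `80 00`) and leave this block with the high bit set and no leading zero. Whether that is harmless depends on how the CRL number is encoded later, which is outside this hunk; if the code relies on that, the comment should say so, e.g. `/* a carry into the top bit is left to the ASN.1 integer encoding of the CRL number */`. The prepend also lengthens the serial by one byte, and nothing visible here bounds the length of the serial read from the previous CRL, so a check against the 20-octet CRLNumber limit of RFC 5280 before the increment would stop a malformed input from being carried forward. sign_crl's body starts and ends outside the hunk.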