From 144f10446ae1c751eb94fa6c88a24af909fde3c4 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 10 May 2014 12:36:19 +0300
Subject: [PATCH] X.509: Fix v3 parsing with issuerUniqueID/subjectUniqueID
 present

The current position pointer was not updated when issuerUniqueID or
subjectUniqueID were present. This could result in extensions being
ignored.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/tls/x509v3.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index 06540bffd..a9483cb7f 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1348,7 +1348,8 @@ static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
 		wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
 
-		if (hdr.payload + hdr.length == end)
+		pos = hdr.payload + hdr.length;
+		if (pos == end)
 			return 0;
 
 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
@@ -1366,7 +1367,8 @@ static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
 		wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
 
-		if (hdr.payload + hdr.length == end)
+		pos = hdr.payload + hdr.length;
+		if (pos == end)
 			return 0;
 
 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||