TLS: Only allow 0xff value as TRUE for ASN.1 DER encoded BOOLEAN
While BER encoding allows any nonzero value to be used for TRUE, DER is explicitly allowing only the value 0xff. Enforce this constraint in X.509 parsing to be more strict with what is acceptable. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
5e6ab36df8
commit
34c1b75c82
1 changed files with 12 additions and 0 deletions
|
@ -852,6 +852,12 @@ static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
|
|||
hdr.length);
|
||||
return -1;
|
||||
}
|
||||
if (hdr.payload[0] != 0 && hdr.payload[0] != 0xff) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"X509: Invalid cA BOOLEAN value 0x%x in BasicConstraints (DER requires 0 or 0xff)",
|
||||
hdr.payload[0]);
|
||||
return -1;
|
||||
}
|
||||
cert->ca = hdr.payload[0];
|
||||
|
||||
pos = hdr.payload + hdr.length;
|
||||
|
@ -1312,6 +1318,12 @@ static int x509_parse_extension(struct x509_certificate *cert,
|
|||
"Boolean length (%u)", hdr.length);
|
||||
return -1;
|
||||
}
|
||||
if (hdr.payload[0] != 0 && hdr.payload[0] != 0xff) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"X509: Invalid critical BOOLEAN value 0x%x in Extension (DER requires 0 or 0xff)",
|
||||
hdr.payload[0]);
|
||||
return -1;
|
||||
}
|
||||
critical_ext = hdr.payload[0];
|
||||
pos = hdr.payload;
|
||||
if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
|
||||
|
|
Loading…
Reference in a new issue