cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-08 14:49:59 -04:00
Code Issues Packages Projects Releases Wiki Activity

x509write_crt: reject serial longer than X509_RFC5280_MAX_SERIAL_LEN

Browse Source 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2023-01-13 08:39:36 +01:00
parent 160df1d136
commit b37f6c1b95
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/x509write_crt.c
View File

@ -100,6 +100,10 @@ int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if (mbedtls_mpi_size(serial) > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
}
if ((ret = mbedtls_mpi_copy(&ctx->serial, serial)) != 0) {
return ret;
}