upstream/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2026-05-28 04:03:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

mbedtls: require C-string compatible types for --x509-username-field

Browse source 
In the --x509-username-field extenstion, we handle the subject string as
if it is a C string.  Make this assumption explicit and reject incomatible
ASN.1 string types.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1497864520-12219-3-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/search?l=mid&q=1497864520-12219-3-git-send-email-steffan.karger@fox-it.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Steffan Karger 2017-06-19 11:28:37 +02:00 committed by Gert Doering
parent 426392940c
commit 0007b2dbd1
No known key found for this signature in database
GPG key ID: 1D829EFECA562812
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/openvpn/ssl_verify_mbedtls.c
View file

@ -267,6 +267,14 @@ asn1_buf_to_c_string(const mbedtls_asn1_buf *orig, struct gc_arena *gc)
size_t i;
char *val;
if (!(orig->tag == MBEDTLS_ASN1_UTF8_STRING
|| orig->tag == MBEDTLS_ASN1_PRINTABLE_STRING
|| orig->tag == MBEDTLS_ASN1_IA5_STRING))
{
/* Only support C-string compatible types */
return string_alloc("ERROR: unsupported ASN.1 string type", gc);
}
for (i = 0; i < orig->len; ++i)
{
if (orig->p[i] == '\0')