-rw-r--r-- | src/lib/libtls/tls_verify.c | 7 |
1 files changed, 4 insertions, 3 deletions
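--- a/src/lib/libtls/tls_verify.c
+++ b/src/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.17 2016/09/04 12:26:43 bcook Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.18 2016/11/04 15:32:40 jsing Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  *
@@ -127,7 +127,7 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
 data = ASN1_STRING_data(altname->d.dNSName);
 len = ASN1_STRING_length(altname->d.dNSName);
 
-if (len < 0 || len != strlen(data)) {
+if (len < 0 || (size_t)len != strlen(data)) {
 tls_set_errorx(ctx,
 "error verifying name '%s': "
 "NUL byte in subjectAltName, "
@@ -220,7 +220,8 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name)
 common_name_len + 1);
 
 /* NUL bytes in CN? */
-if (common_name_len != strlen(common_name)) {
+if (common_name_len < 0 ||
+(size_t)common_name_len != strlen(common_name)) {
 tls_set_errorx(ctx, "error verifying name '%s': "
 "NUL byte in Common Name field, "
 "probably a malicious certificate", name);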
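Review bot: In tls_check_common_name the new `common_name_len < 0` test comes after `common_name_len + 1` has already been passed as a size in the call that ends on the line just above, so as a guard against a negative length it arrives late. If a check outside this hunk already rejects a negative value, the clause is there only to keep the `(size_t)` cast from wrapping, and a comment such as `/* already known to be >= 0; tested again so the size_t cast cannot wrap */` would make that clear to the next reader. A negative length reaching this branch would also be reported as "NUL byte in Common Name field", which misdescribes the failure; the same applies to the `len < 0` arm in tls_check_subject_altname. Both function bodies start and end outside the hunks, so the earlier handling of the length cannot be confirmed from here.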