Browse code
mbedtls: require C-string compatible types for --x509-username-field
In the --x509-username-field extenstion, we handle the subject string as
if it is a C string. Make this assumption explicit and reject incomatible
ASN.1 string types.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1497864520-12219-3-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/search?l=mid&q=1497864520-12219-3-git-send-email-steffan.karger@fox-it.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Steffan Karger authored on 2017/06/19 18:28:37Showing 1 changed files
| ... | ... |
@@ -267,6 +267,14 @@ asn1_buf_to_c_string(const mbedtls_asn1_buf *orig, struct gc_arena *gc) |
| 267 | 267 |
size_t i; |
| 268 | 268 |
char *val; |
| 269 | 269 |
|
| 270 |
+ if (!(orig->tag == MBEDTLS_ASN1_UTF8_STRING |
|
| 271 |
+ || orig->tag == MBEDTLS_ASN1_PRINTABLE_STRING |
|
| 272 |
+ || orig->tag == MBEDTLS_ASN1_IA5_STRING)) |
|
| 273 |
+ {
|
|
| 274 |
+ /* Only support C-string compatible types */ |
|
| 275 |
+ return string_alloc("ERROR: unsupported ASN.1 string type", gc);
|
|
| 276 |
+ } |
|
| 277 |
+ |
|
| 270 | 278 |
for (i = 0; i < orig->len; ++i) |
| 271 | 279 |
{
|
| 272 | 280 |
if (orig->p[i] == '\0') |