In the --x509-username-field extension, we handle the subject string as
if it is a C string. Make this assumption explicit and reject incompatible
ASN.1 string types.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1497864520-12219-3-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/search?l=mid&q=1497864520-12219-3-git-send-email-steffan.karger@fox-it.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -267,6 +267,14 @@ asn1_buf_to_c_string(const mbedtls_asn1_buf *orig, struct gc_arena *gc) |
267 | 267 |
size_t i; |
268 | 268 |
char *val; |
269 | 269 |
|
270 |
+ if (!(orig->tag == MBEDTLS_ASN1_UTF8_STRING |
|
271 |
+ || orig->tag == MBEDTLS_ASN1_PRINTABLE_STRING |
|
272 |
+ || orig->tag == MBEDTLS_ASN1_IA5_STRING)) |
|
273 |
+ { |
|
274 |
+ /* Only support C-string compatible types */ |
|
275 |
+ return string_alloc("ERROR: unsupported ASN.1 string type", gc); |
|
276 |
+ } |
|
277 |
+ |
|
270 | 278 |
for (i = 0; i < orig->len; ++i) |
271 | 279 |
{ |
272 | 280 |
if (orig->p[i] == '\0') |
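Review bot: The new rejection branch returns the fixed text "ERROR: unsupported ASN.1 string type" in-band through `string_alloc`, so a caller that uses the result as the --x509-username-field value cannot tell a rejected field from a certificate whose field literally holds that text. The callers are outside this hunk, so it is worth confirming that none of them passes the returned string on as an authenticated username without a further check. The comment would also be more useful if it stated the reason for the allowlist, for example `/* Only single-byte string types can be handled as C strings; multi-byte types such as BMPString or UniversalString would be misread */`. Logging the rejected `orig->tag` at this point would help operators diagnose why a certificate was refused. The body of asn1_buf_to_c_string starts before and continues after the lines shown here.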