aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/x509v3.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/tls/x509v3.c')
-rw-r--r--src/tls/x509v3.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index d74b3a2..71ac6b9 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -815,6 +815,7 @@ static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
struct asn1_hdr hdr;
unsigned long value;
size_t left;
+ const u8 *end_seq;
/*
* BasicConstraints ::= SEQUENCE {
@@ -836,6 +837,7 @@ static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
if (hdr.length == 0)
return 0;
+ end_seq = hdr.payload + hdr.length;
if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
hdr.class != ASN1_CLASS_UNIVERSAL) {
wpa_printf(MSG_DEBUG, "X509: Failed to parse "
@@ -852,14 +854,14 @@ static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
}
cert->ca = hdr.payload[0];
- if (hdr.length == pos + len - hdr.payload) {
+ pos = hdr.payload + hdr.length;
+ if (pos >= end_seq) {
+ /* No optional pathLenConstraint */
wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
cert->ca);
return 0;
}
-
- if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length,
- &hdr) < 0 ||
+ if (asn1_get_next(pos, end_seq - pos, &hdr) < 0 ||
hdr.class != ASN1_CLASS_UNIVERSAL) {
wpa_printf(MSG_DEBUG, "X509: Failed to parse "
"BasicConstraints");