[axtls-general] x509_verify goes infinite loop

[Shiro K. <shi...@gm...>]

in r277, when the first 'if' statement's test is satisfied, it loops
without incrementing i,
making the while loop infinite.

https://sourceforge.net/p/axtls/code/277/tree/trunk/ssl/x509.c#l518

            while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
            {
                /* the extension is present but the cA boolean is not
                   asserted, then the certified public key MUST NOT be used
                   to verify certificate signatures. */
                if (cert->basic_constraint_present &&
                        !ca_cert_ctx->cert[i]->basic_constraint_cA)
                    continue;

I guess a fix will be something along this line:

================
@@ -521,8 +521,10 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const
X509_CTX *cert,
                    asserted, then the certified public key MUST NOT be
used
                    to verify certificate signatures. */
                 if (cert->basic_constraint_present &&
-                        !ca_cert_ctx->cert[i]->basic_constraint_cA)
+                        !ca_cert_ctx->cert[i]->basic_constraint_cA) {
+                    i++;
                     continue;
+                }

                 if (asn1_compare_dn(cert->ca_cert_dn,
                                             ca_cert_ctx->cert[i]->cert_dn)
== 0)
=================

Regards,
--shiro