[axtls-general] x509_verify goes infinite loop
From: Shiro K. <shi...@gm...> - 2018-07-19 14:16:55
In r277, when the first 'if' statement's test is satisfied, it loops without incrementing i, making the while loop infinite.

https://sourceforge.net/p/axtls/code/277/tree/trunk/ssl/x509.c#l518

    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) {
        /* the extension is present but the cA boolean is not
           asserted, then the certified public key MUST NOT be used
           to verify certificate signatures. */
        if (cert->basic_constraint_present &&
                !ca_cert_ctx->cert[i]->basic_constraint_cA)
            continue;

I guess a fix will be something along this line:

================ @@ -521,8 +521,10 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, asserted, then the certified public key MUST NOT be used to verify certificate signatures. */ if (cert->basic_constraint_present && - !ca_cert_ctx->cert[i]->basic_constraint_cA) + !ca_cert_ctx->cert[i]->basic_constraint_cA) { + i++; continue; + } if (asn1_compare_dn(cert->ca_cert_dn, ca_cert_ctx->cert[i]->cert_dn) == 0) =================

Regards,
--shiro
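
Review bot: The added `i++;` before `continue;` in the basic-constraint branch fixes this one path, but the loop still depends on every early exit remembering to advance `i`. Moving the increment into the loop header, for example `for (; i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]; i++)`, and dropping the hand-written increments from the body would make any `continue` safe, which matters because this loop runs during certificate verification and a non-terminating path hangs the caller. Separately, the condition reads `basic_constraint_present` from `cert` but `basic_constraint_cA` from `ca_cert_ctx->cert[i]`, while the comment above it describes both as properties of the certificate whose public key would verify the signature; it is worth confirming that this mix is intended.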