diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-04-28 19:45:44 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-04-29 19:42:21 +0100 |
commit | 77076dc944f76e821e4eae3a6563b853ce00c0ed (patch) | |
tree | 9860d1901021d2423d8e1d0fef028d2591fc6740 /include | |
parent | b33d1141b6dcce947708b984c5e9e91dad3d675d (diff) | |
download | openssl-77076dc944f76e821e4eae3a6563b853ce00c0ed.tar.gz |
Add checks to X509_NAME_oneline()
Sanity check field lengths and sums to avoid potential overflows and reject
excessively large X509_NAME structures.
Issue reported by Guido Vranken.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/x509.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index a36500c8c2..009ee6aa4c 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1122,6 +1122,7 @@ void ERR_load_X509_strings(void); # define X509_R_LOADING_CERT_DIR 103 # define X509_R_LOADING_DEFAULTS 104 # define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 # define X509_R_NEWER_CRL_NOT_NEWER 132 # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 # define X509_R_NO_CRL_NUMBER 130 |