Fail DN parsing if OID is unterminated

author Tobias Brunner <tobias@strongswan.org>

Mon, 3 Jun 2013 15:30:40 +0000 (17:30 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Tue, 11 Jun 2013 09:03:12 +0000 (11:03 +0200)
author Tobias Brunner <tobias@strongswan.org>
Mon, 3 Jun 2013 15:30:40 +0000 (17:30 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 11 Jun 2013 09:03:12 +0000 (11:03 +0200)
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c

index f94a1c8..06ec533 100644 (file)
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -398,7 +398,7 @@ static status_t atodn(char *src, chunk_t *dn)
                 switch (state)
                 {
                         case SEARCH_OID:
-                               if (*src != ' ' && *src != '/' && *src !=  ',')
+                               if (*src != ' ' && *src != '/' && *src !=  ',' && *src != '\0')
                                 {
                                         oid.ptr = src;
                                         oid.len = 1;
@@ -502,6 +502,11 @@ static status_t atodn(char *src, chunk_t *dn)
                 }
         } while (*src++ != '\0');
  
+       if (state == READ_OID)
+       {       /* unterminated OID */
+               status = INVALID_ARG;
+       }
+
         /* build the distinguished name sequence */
         {
                 int i;
@@ -514,7 +519,6 @@ static status_t atodn(char *src, chunk_t *dn)
                         free(rdns[i].ptr);
                 }
         }
-
         if (status != SUCCESS)
         {
                 free(dn->ptr);
author	Tobias Brunner <tobias@strongswan.org>
	Mon, 3 Jun 2013 15:30:40 +0000 (17:30 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Tue, 11 Jun 2013 09:03:12 +0000 (11:03 +0200)