Update to openssl 1.0.2h

Signed-off-by: Gary Lin <glin@suse.com>
author: Gary Lin <glin@suse.com> 2016-07-21 12:28:11 +0800
committer: Peter Jones <pjones@redhat.com> 2016-09-06 15:05:36 -0400
commit: 8dcfecc6c76effa8afe0d4b6eca95023d51f1e03 (patch)
tree: 42c00f22bb1e6c668703bd83939f30dda01ad7e6 /Cryptlib/OpenSSL/crypto/asn1/x_name.c
parent: d8b0e8e0ce347d9f5830cfeb3fd09a887a903d09 (diff)
download: efi-boot-shim-8dcfecc6c76effa8afe0d4b6eca95023d51f1e03.tar.gz
efi-boot-shim-8dcfecc6c76effa8afe0d4b6eca95023d51f1e03.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c
index 737c426f..a858c299 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_name.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_name.c
@@ -66,6 +66,13 @@
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
 static int x509_name_ex_d2i(ASN1_VALUE **val,
                             const unsigned char **in, long len,
                             const ASN1_ITEM *it,
@@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
     int i, j, ret;
     STACK_OF(X509_NAME_ENTRY) *entries;
     X509_NAME_ENTRY *entry;
+    if (len > X509_NAME_MAX) {
+        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+        return 0;
+    }
     q = p;
 
     /* Get internal representation of Name */
author	Gary Lin <glin@suse.com>	2016-07-21 12:28:11 +0800
committer	Peter Jones <pjones@redhat.com>	2016-09-06 15:05:36 -0400
commit	8dcfecc6c76effa8afe0d4b6eca95023d51f1e03 (patch)
tree	42c00f22bb1e6c668703bd83939f30dda01ad7e6 /Cryptlib/OpenSSL/crypto/asn1/x_name.c
parent	d8b0e8e0ce347d9f5830cfeb3fd09a887a903d09 (diff)
download	efi-boot-shim-8dcfecc6c76effa8afe0d4b6eca95023d51f1e03.tar.gz efi-boot-shim-8dcfecc6c76effa8afe0d4b6eca95023d51f1e03.zip