summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins/pem/pem_builder.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins/pem/pem_builder.c')
-rw-r--r--src/libstrongswan/plugins/pem/pem_builder.c25
1 files changed, 24 insertions, 1 deletions
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index 62780c384..f0e508abf 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -365,6 +365,29 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp)
}
/**
+ * Check if a blob looks like an ASN1 SEQUENCE or SET with BER indefinite length
+ */
+static bool is_ber_indefinite_length(chunk_t blob)
+{
+ if (blob.len >= 4)
+ {
+ switch (blob.ptr[0])
+ {
+ case ASN1_SEQUENCE:
+ case ASN1_SET:
+ /* BER indefinite length uses 0x80, and is terminated with
+ * end-of-content using 0x00,0x00 */
+ return blob.ptr[1] == 0x80 &&
+ blob.ptr[blob.len - 2] == 0 &&
+ blob.ptr[blob.len - 1] == 0;
+ default:
+ break;
+ }
+ }
+ return FALSE;
+}
+
+/**
* load the credential from a blob
*/
static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
@@ -374,7 +397,7 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
bool pgp = FALSE;
blob = chunk_clone(blob);
- if (!is_asn1(blob))
+ if (!is_ber_indefinite_length(blob) && !is_asn1(blob))
{
if (pem_to_bin(&blob, &pgp) != SUCCESS)
{