fixed ASN.1 decoding bug in the basic ca constraint certificate extension

2012-05-25 16:32:10 -07:00 · 2012-05-25 16:32:10 -07:00 · c2292c31b0
commit c2292c31b0
parent 28fb9fb0f7
1 changed files with 4 additions and 0 deletions
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@ -2078,6 +2078,10 @@ static void DecodeBasicCaConstraint(byte* input, int sz, DecodedCert* cert)
    CYASSL_ENTER("DecodeBasicCaConstraint");
    if (GetSequence(input, &idx, &length, sz) < 0) return;

+    if (length == 0) return;
+    /* If the basic ca constraint is false, this extension may be named, but
+     * left empty. So, if the length is 0, just return. */
+
    if (input[idx++] != ASN_BOOLEAN)
    {
        CYASSL_MSG("\tfail: constraint not BOOLEAN");