summaryrefslogtreecommitdiff
path: root/thirdparty/mbedtls/library/x509_crt.c
diff options
context:
space:
mode:
authorRĂ©mi Verschelde <rverschelde@gmail.com>2020-07-02 22:21:46 +0200
committerGitHub <noreply@github.com>2020-07-02 22:21:46 +0200
commit661f8ee780927779b133fa3da8ed4a83bef5b44b (patch)
tree0a2f98672834d95dcc980dbce820b65ee0779baf /thirdparty/mbedtls/library/x509_crt.c
parent67e4082b1e73f3cbe518c499eb328b0f68f3419b (diff)
parent8ddf9fe4b031ff93892f99ec1c6cfceb3d0f951f (diff)
Merge pull request #40057 from Faless/mbedtls/2.16.7
Update to mbedtls 2.16.7
Diffstat (limited to 'thirdparty/mbedtls/library/x509_crt.c')
-rw-r--r--thirdparty/mbedtls/library/x509_crt.c35
1 files changed, 34 insertions, 1 deletions
diff --git a/thirdparty/mbedtls/library/x509_crt.c b/thirdparty/mbedtls/library/x509_crt.c
index a3697f13f9..7d01585472 100644
--- a/thirdparty/mbedtls/library/x509_crt.c
+++ b/thirdparty/mbedtls/library/x509_crt.c
@@ -2,7 +2,13 @@
* X.509 certificate parsing and verification
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,6 +22,27 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
+ *
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
@@ -527,6 +554,12 @@ static int x509_get_basic_constraints( unsigned char **p,
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
+ * overflow, which is an undefined behavior. */
+ if( *max_pathlen == INT_MAX )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
(*max_pathlen)++;
return( 0 );