diff options
| author | Kenny Root <kroot@google.com> | 2013-03-15 10:39:29 -0700 |
|---|---|---|
| committer | Kenny Root <kroot@google.com> | 2013-03-15 10:54:49 -0700 |
| commit | e4502a9efb6461e37784cac58235944ef0d0c0cb (patch) | |
| tree | 18000a532221024de2a820226dcfa24145c70949 /luni | |
| parent | ec61aba5517ba6967efafc73de06c9e4215c0ade (diff) | |
| download | libcore-e4502a9efb6461e37784cac58235944ef0d0c0cb.zip libcore-e4502a9efb6461e37784cac58235944ef0d0c0cb.tar.gz libcore-e4502a9efb6461e37784cac58235944ef0d0c0cb.tar.bz2 | |
NativeCrypto: reject non-IA5String altnames
Certificates with rfc822Name, dNSName, or uniformResourceLocator must be
an IA5String, but OpenSSL doesn't enforce that during parsing. Return
NULL for those entries that don't comply.
Change-Id: I26727007196980648955f861df1d1cc013506911
Diffstat (limited to 'luni')
| -rw-r--r-- | luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp b/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp index 56b771a..aafba3a 100644 --- a/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp +++ b/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp @@ -3824,8 +3824,16 @@ static jobject GENERAL_NAME_to_jobject(JNIEnv* env, GENERAL_NAME* gen) { switch (gen->type) { case GEN_EMAIL: case GEN_DNS: - case GEN_URI: - return env->NewStringUTF(reinterpret_cast<char*>(ASN1_STRING_data(gen->d.ia5))); + case GEN_URI: { + // This must be an IA5String and must not contain NULLs. + char* data = reinterpret_cast<char*>(ASN1_STRING_data(gen->d.ia5)); + if ((ASN1_STRING_type(gen->d.ia5) == V_ASN1_IA5STRING) + && (static_cast<size_t>(ASN1_STRING_length(gen->d.ia5)) == strlen(data))) { + return env->NewStringUTF(data); + } else { + return NULL; + } + } case GEN_DIRNAME: /* Write in RFC 2253 format */ return X509_NAME_to_jstring(env, gen->d.directoryName, XN_FLAG_RFC2253); |