mirror of
https://github.com/golang/go
synced 2024-11-25 07:07:57 -07:00
update parseCertificate() to guarantee version cannot be negative
After the call to ReadOptionalASN1Integer() Version can be really large (e.g., 2,147,483,647) when performing the Version++ on line 823. In that case it would then wrap, leading to a negative Version, which will pass the version check on line 824. This change adds a check to make sure Version is reasonable prior to the increment, thereby guaranteeing it will not wrap.
This commit is contained in:
parent
bd56cb90a7
commit
88ee127097
@ -815,7 +815,7 @@ func parseCertificate(der []byte) (*Certificate, error) {
|
|||||||
if !tbs.ReadOptionalASN1Integer(&cert.Version, cryptobyte_asn1.Tag(0).Constructed().ContextSpecific(), 0) {
|
if !tbs.ReadOptionalASN1Integer(&cert.Version, cryptobyte_asn1.Tag(0).Constructed().ContextSpecific(), 0) {
|
||||||
return nil, errors.New("x509: malformed version")
|
return nil, errors.New("x509: malformed version")
|
||||||
}
|
}
|
||||||
if cert.Version < 0 {
|
if cert.Version < 0 || cert.Version > 3 {
|
||||||
return nil, errors.New("x509: malformed version")
|
return nil, errors.New("x509: malformed version")
|
||||||
}
|
}
|
||||||
// for backwards compat reasons Version is one-indexed,
|
// for backwards compat reasons Version is one-indexed,
|
||||||
|
Loading…
Reference in New Issue
Block a user