x509: nameConstraints sequence does not require a loop
Fixes: CVE-2017-9023
This commit is contained in:
parent
f2f9edbbc0
commit
38a8ecadb7
|
@ -933,14 +933,13 @@ end:
|
||||||
* ASN.1 definition of nameConstraints
|
* ASN.1 definition of nameConstraints
|
||||||
*/
|
*/
|
||||||
static const asn1Object_t nameConstraintsObjects[] = {
|
static const asn1Object_t nameConstraintsObjects[] = {
|
||||||
{ 0, "nameConstraints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
|
{ 0, "nameConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
|
||||||
{ 1, "permittedSubtrees", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 1 */
|
{ 1, "permittedSubtrees", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 1 */
|
||||||
{ 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 2 */
|
{ 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 2 */
|
||||||
{ 1, "end loop", ASN1_EOC, ASN1_END }, /* 3 */
|
{ 1, "end loop", ASN1_EOC, ASN1_END }, /* 3 */
|
||||||
{ 1, "excludedSubtrees", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_LOOP }, /* 4 */
|
{ 1, "excludedSubtrees", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_LOOP }, /* 4 */
|
||||||
{ 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */
|
{ 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */
|
||||||
{ 1, "end loop", ASN1_EOC, ASN1_END }, /* 6 */
|
{ 1, "end loop", ASN1_EOC, ASN1_END }, /* 6 */
|
||||||
{ 0, "end loop", ASN1_EOC, ASN1_END }, /* 7 */
|
|
||||||
{ 0, "exit", ASN1_EOC, ASN1_EXIT }
|
{ 0, "exit", ASN1_EOC, ASN1_EXIT }
|
||||||
};
|
};
|
||||||
#define NAME_CONSTRAINT_PERMITTED 2
|
#define NAME_CONSTRAINT_PERMITTED 2
|
||||||
|
|
Loading…
Reference in New Issue