pki: Don't remove zero bytes in CRL serials anymore

This was added a few years ago because pki --signcrl once encoded serials
incorrectly as eight byte blobs.  But still ensure we can handle
overflows in case the serial is encoded incorrectly without zero-prefix.
Tobias Brunner 2016-10-03 12:15:10 +02:00 committed by Andreas Steffen
parent 49d9266c31
commit 790847d17c
1 changed files with 8 additions and 7 deletions


@ -376,14 +376,15 @@ static int sign_crl()
lastenum = enumerator_create_empty();
}
/* remove superfluous leading zeros */
while (crl_serial.len > 1 && crl_serial.ptr[0] == 0x00 &&
(crl_serial.ptr[1] & 0x80) == 0x00)
{
crl_serial = chunk_skip_zero(crl_serial);
if (!crl_serial.len || crl_serial.ptr[0] & 0x80)
{ /* add leading 0x00 to handle potential overflow if serial is encoded
* incorrectly */
crl_serial = chunk_cat("cc", chunk_from_chars(0x00), crl_serial);
}
else
{
crl_serial = chunk_clone(crl_serial);
}
crl_serial = chunk_clone(crl_serial);
/* increment the serial number by one */
chunk_increment(crl_serial);
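Review bot: The top-bit test on `crl_serial.ptr[0]` in the new `if` runs before `chunk_increment()`, so a serial whose first byte is 0x7f and whose remaining bytes are all 0xff (constructed example: `7f ff` becoming `80 00`) is cloned without a prefix and has its top bit set after the increment. Whether the resulting crlNumber is still written as a positive INTEGER depends on the encoder, which is not visible in this hunk. If the encoder does not add the sign byte itself, the zero prefix should be decided on the incremented value rather than on the input. At minimum I would state the assumption next to the increment, e.g. `/* a set top bit after incrementing relies on the INTEGER encoder adding the 0x00 prefix */`. sign_crl() starts and ends outside the hunk, so the release of the now always-allocated `crl_serial` could not be checked here.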