Merge branch 'iotssl-1077-dos-crl'

Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM format with trailing characters after the footer does not result in the execution of an infinite loop.
2017-02-26 01:16:02 +00:00 · 2017-02-26 01:16:02 +00:00 · 0278a38f10
commit 0278a38f10
parent 9cfdf2caa7 a39db394db
5 changed files with 46 additions and 1 deletions
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@ -530,7 +530,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s

            mbedtls_pem_free( &pem );
        }
-        else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        else if( is_pem )
        {
            mbedtls_pem_free( &pem );
            return( ret );