ocsp: corrected the comparison of the serial size in OCSP response

Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't. Reported by Stefan Buehler.

ocsp: corrected the comparison of the serial size in OCSP response
Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't. Reported by Stefan Buehler.
964632f3 · Nikos Mavrogiannopoulos · 9bb4ca9e · 964632f3
Commit 964632f3 authored Aug 27, 2016 by Nikos Mavrogiannopoulos
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
 		gnutls_assert();
 		goto cleanup;
 	}
+	cserial.size = t;

 	if (rserial.size != cserial.size
 	    || memcmp(cserial.data, rserial.data, rserial.size) != 0) {