Commit 964632f3 authored by Nikos Mavrogiannopoulos's avatar Nikos Mavrogiannopoulos
Browse files

ocsp: corrected the comparison of the serial size in OCSP response

Previously the OCSP certificate check wouldn't verify the serial length
and could succeed in cases it shouldn't.

Reported by Stefan Buehler.
parent 9bb4ca9e
Pipeline #4064129 passed with stage
in 220 minutes and 8 seconds
......@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
gnutls_assert();
goto cleanup;
}
cserial.size = t;
if (rserial.size != cserial.size
|| memcmp(cserial.data, rserial.data, rserial.size) != 0) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment