ocsp: corrected the comparison of the serial size in OCSP response

Previously the OCSP certificate check wouldn't verify the serial length
and could succeed in cases it shouldn't.

Reported by Stefan Buehler.
parent 9bb4ca9e
...@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp, ...@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
gnutls_assert(); gnutls_assert();
goto cleanup; goto cleanup;
} }
cserial.size = t;
if (rserial.size != cserial.size if (rserial.size != cserial.size
|| memcmp(cserial.data, rserial.data, rserial.size) != 0) { || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
......
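Review bot: The added `cserial.size = t;` has no comment saying what `t` holds at that point, and nothing in the visible change tests the case the commit message describes. Because the comparison right below it checks `rserial.size != cserial.size` before the `memcmp`, the check is only as good as the value assigned here. A one-line comment stating that `t` is the actual length of the certificate serial would help. So would a regression test where the certificate serial and the response serial differ in length but share leading bytes, asserting that gnutls_ocsp_resp_check_crt fails for that pair.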