author | Mikołaj Siedlarek <mikolaj@siedlarek.pl> | 2014-10-04 10:58:09 +0200 |
---|---|---|
committer | Mikołaj Siedlarek <mikolaj@siedlarek.pl> | 2014-10-10 10:17:07 +0200 |
commit | 9ddf2fb3768e87cc1f6dbb181261d68f266f4327 (patch) | |
tree | 0a73feb04b90a5686dfbb7eeaf6f1ccab5abc55f /src | |
parent | 5f1f955524d003af4714e43c19062fa07c1d58f8 (diff) |
Prevent parsing of SSL certificates from 0-size buffers.
When QSslCertificatePrivate::certificatesFromDer() was passed count ==
-1 to extract unlimited number of certificates from buffer, it also tried
to parse the 0-sized fragment after the last certificate. This has
caused d2i_X509() to report an error on latest OpenSSL.
Task-number: QTBUG-41774
Change-Id: Ifa36b7ac5b4236bd2fb53b9d7fe53c5db3cb078c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/ssl/qsslcertificate_openssl.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp index 664f5eba08..850654835d 100644 --- a/src/network/ssl/qsslcertificate_openssl.cpp +++ b/src/network/ssl/qsslcertificate_openssl.cpp @@ -683,7 +683,7 @@ QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteAr #endif int size = der.size(); - while (count == -1 || certificates.size() < count) { + while (size > 0 && (count == -1 || certificates.size() < count)) { if (X509 *x509 = q_d2i_X509(0, &data, size)) { certificates << QSslCertificate_from_X509(x509); q_X509_free(x509); |
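Review bot: The new `size > 0` guard in the `while` condition only ends the loop if `size` is reduced by the bytes consumed after each successful `q_d2i_X509(0, &data, size)` call, and that update is not in the visible context, so please confirm it and add a one-line comment above the loop saying the guard exists to avoid handing an empty remainder to `q_d2i_X509()` when `count == -1`. The guard covers only the exactly-empty remainder: a non-empty remainder that is not a certificate is still passed to `q_d2i_X509()` and will fail there, so if the error it reports matters to callers, that path deserves the same attention. A regression test that parses a DER buffer with `count == -1`, plus one with an empty `QByteArray`, would pin the behaviour.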