Cumulative patch from commit 54ac6ff8c4a20f8c3678e0c610716ce7795b8320
54ac6ff PKCS 1: Add function for checking v1.5 RSA signature
d381184 RSA: Add OID definitions and helper function for hash algorithms
ab6d047 Add function for building RSA public key from n and e parameters
6c5be11 PKCS #1: Enforce minimum padding for decryption in internal TLS
e6d83cc PKCS #1: Allow only BT=01 for signature in internal TLS
9c29d48 X.509: Fix internal TLS/X.509 validation of PKCS#1 signature
10b58b5 TNC: Allow TNC to be enabled dynamically
0a626a5 TNC: Move common definitions into a shared header file
4075e4e TNC: Allow tnc_config file path to be replaced
f0356ec eloop: Add epoll option for better performance
da96a6f eloop: Separate event loop select/poll implementation
68d2700 dbus: No need to recompute group object path on GroupStarted signal
f3734e2 dbus: Provide the P2P Device Address from the relevant structure
e956b83 dbus: Fix interface DeviceFound signal specification
fc591a7 dbus: Declare GONegotiation signals properly
Change-Id: I54a598ae249ca569f15eaef8f728985897e1b2f0
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index a9483cb..751a268 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1783,6 +1783,15 @@
return -1;
}
+ if (hdr.payload + hdr.length < data + data_len) {
+ wpa_hexdump(MSG_INFO,
+ "X509: Extra data after certificate signature hash",
+ hdr.payload + hdr.length,
+ data + data_len - hdr.payload - hdr.length);
+ os_free(data);
+ return -1;
+ }
+
os_free(data);
wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "