Check for certificate serial number too big. Fixes #642.

svn path=/trunk/; revision=5581
author: Rob Austein <sra@hactrn.net> 2013-11-06 00:45:05 +0000
committer: Rob Austein <sra@hactrn.net> 2013-11-06 00:45:05 +0000
commit: faafc15ecf6233aaffe548cf0d008ddb1bc8f0d2 (patch)
tree: 01bfda98866446d9733d863b0d95b2328ce840ee /rcynic/rcynic.c
parent: c5cd789e779dac8caf48566ecd5f300190db2d6f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c
index 720821bd..3907e120 100644
--- a/rcynic/rcynic.c
+++ b/rcynic/rcynic.c
@@ -3597,7 +3597,8 @@ static int check_x509(rcynic_ctx_t *rc,
   certinfo->uri = *uri;
   certinfo->generation = generation;
 
-  if (ASN1_INTEGER_cmp(X509_get_serialNumber(x), asn1_zero) <= 0) {
+  if (ASN1_INTEGER_cmp(X509_get_serialNumber(x), asn1_zero) <= 0 ||
+      ASN1_INTEGER_cmp(X509_get_serialNumber(x), asn1_twenty_octets) > 0) {
     log_validation_status(rc, uri, bad_certificate_serial_number, generation);
     goto done;
   }
author	Rob Austein <sra@hactrn.net>	2013-11-06 00:45:05 +0000
committer	Rob Austein <sra@hactrn.net>	2013-11-06 00:45:05 +0000
commit	faafc15ecf6233aaffe548cf0d008ddb1bc8f0d2 (patch)
tree	01bfda98866446d9733d863b0d95b2328ce840ee /rcynic/rcynic.c
parent	c5cd789e779dac8caf48566ecd5f300190db2d6f (diff)