From 1e22f6063929fc0664ce14c56ffc719a9fc6ba64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Tue, 4 Oct 2005 08:59:54 +0000
Subject: [PATCH] Validate that issuerAltName and subjectAltName isn't empty.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16123 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/print.c | 38 ++++++++++++++++++++++++++++++++------
 1 file changed, 32 insertions(+), 6 deletions(-)
diff --git a/lib/hx509/print.c b/lib/hx509/print.c
index 903d121e6..7506cf478 100644
--- a/lib/hx509/print.c
+++ b/lib/hx509/print.c
@@ -187,9 +187,10 @@ check_subjectKeyIdentifier(hx509_validate_ctx ctx,
 }
 static int
-check_subjectAltName(hx509_validate_ctx ctx,
- enum critical_flag cf,
- const Extension *e)
+check_altName(hx509_validate_ctx ctx,
+ const char *name,
+ enum critical_flag cf,
+ const Extension *e)
 {
 GeneralNames gn;
 size_t size;
@@ -197,11 +198,19 @@ check_subjectAltName(hx509_validate_ctx ctx,
 check_Null(ctx, cf, e);
+ if (e->extnValue.length == 0) {
+ printf("%sAltName empty, not allowed", name);
+ return 1;
+ }
 ret = decode_GeneralNames(e->extnValue.data, e->extnValue.length,
 &gn, &size);
 if (ret) {
- printf("\tret = %d while decoding GeneralNames\n", ret);
- return 0;
+ printf("\tret = %d while decoding %s GeneralNames\n", ret, name);
+ return 1;
+ }
+ if (gn.len == 0) {
+ printf("%sAltName generalName empty, not allowed", name);
+ return 1;
 }
 free_GeneralNames(&gn);
@@ -209,6 +218,23 @@ check_subjectAltName(hx509_validate_ctx ctx,
 return 0;
 }
+static int
+check_subjectAltName(hx509_validate_ctx ctx,
+ enum critical_flag cf,
+ const Extension *e)
+{
+ return check_altName(ctx, "subject", cf, e);
+}
+
+static int
+check_issuerAltName(hx509_validate_ctx ctx,
+ enum critical_flag cf,
+ const Extension *e)
+{
+ return check_altName(ctx, "issuer", cf, e);
+}
+
+
 static int
 check_basicConstraints(hx509_validate_ctx ctx,
 enum critical_flag cf, 
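Review bot: `check_altName` gains a `name` parameter and a changed return convention but carries no comment explaining either, even though `name` is spliced straight into the diagnostics as `%sAltName`. A short header comment above the definition would help, for example `/* Validate a subjectAltName or issuerAltName extension; name is "subject" or "issuer" and prefixes the messages. Returns 0 if acceptable, 1 if not. */`. The function body continues past the end of this hunk.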
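Review bot: The new `gn.len == 0` branch returns 1 without calling `free_GeneralNames(&gn)`, although decoding has already succeeded at that point; adding `free_GeneralNames(&gn);` before that `return 1;` would release whatever the decoder allocated on every exit path. The decoded `size` is also never compared with `e->extnValue.length` in the lines shown, so an extension carrying trailing bytes after the GeneralNames would still pass this validator; a check such as `if (size != e->extnValue.length) { free_GeneralNames(&gn); return 1; }` would cover that case. Both new "empty, not allowed" messages lack the trailing `\n` that the decode-failure message has, so their output will run into the next line printed. The function's opening and closing lines sit in the neighbouring hunks.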
@@ -251,7 +277,7 @@ struct {
 { ext(subjectKeyIdentifier, subjectKeyIdentifier), M_N_C },
 { ext(keyUsage, Null), S_C },
 { ext(subjectAltName, subjectAltName), M_N_C },
- { ext(issuerAltName, Null), S_N_C },
+ { ext(issuerAltName, issuerAltName), S_N_C },
 { ext(basicConstraints, basicConstraints), M_C },
 { ext(cRLNumber, Null), M_N_C },
 { ext(cRLReasons, Null), M_N_C },