From 6c8fcd4bb31d2c4da90e94d78363182d1e92a6c7 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Tue, 8 May 2012 10:38:04 +0100
Subject: [PATCH] [crypto] Check that common name contains no NUL characters

Signed-off-by: Michael Brown
---
 src/crypto/x509.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 3261b8eb..356b60a3 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -575,6 +575,15 @@ static int x509_parse_common_name ( struct x509_certificate *cert, char **name,
 if ( ! *name )
 return -ENOMEM;
 memcpy ( *name, name_cursor.data, name_cursor.len );
+
+ /* Check that name contains no NULs */
+ if ( strlen ( *name ) != name_cursor.len ) {
+ DBGC ( cert, "X509 %p contains malicious commonName:\n",
+ cert );
+ DBGC_HDA ( cert, 0, raw->data, raw->len );
+ return rc;
+ }
+
 return 0;
 }
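Review bot: The rejection path ends in `return rc;`, but nothing in this hunk assigns rc an error value, so if rc still holds 0 from the earlier successful parsing steps the function reports success and the caller keeps a commonName truncated at the embedded NUL, which is exactly the case the check is meant to refuse. Return an explicit error there, e.g. `return -EINVAL;`, and release the buffer first (`free ( *name ); *name = NULL;`) so a rejected certificate does not leave an allocated, truncated name behind. The strlen() comparison also relies on the allocation, which is outside the hunk, being zero-filled and one byte longer than name_cursor.len; testing `memchr ( name_cursor.data, 0, name_cursor.len )` before allocating would not depend on that. The function body begins and ends outside the hunk, so the value of rc at this point should be confirmed against the full file.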