Fix nc_email to check ASN1 strings with NULL byte in the middle

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #16524) (cherry picked from commit 485d079)
openssl · Sep 13, 2021 · 9e44ffc · 9e44ffc
1 parent 2753b6f
commit 9e44ffc
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
@@ -602,6 +602,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
         if (baseat != baseptr) {
             if ((baseat - baseptr) != (emlat - emlptr))
                 return X509_V_ERR_PERMITTED_VIOLATION;
+            if (memchr(baseptr, 0, baseat - baseptr) ||
+                memchr(emlptr, 0, emlat - emlptr))
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
             /* Case sensitive match of local part */
             if (strncmp(baseptr, emlptr, emlat - emlptr))
                 return X509_V_ERR_PERMITTED_VIOLATION;