[libaacs-devel] crypto_aacs_verify_cert(): check certificate length

npzacs Sat, 24 Sep 2011 07:18:49 -0700

libaacs | branch: master | npzacs <[email protected]> | Sat Sep 24 15:29:43 2011 
+0300| [d895e8c86a88a03db906a66dd0f083badbdf5a5d] | committer: npzacs


crypto_aacs_verify_cert(): check certificate length

> http://git.videolan.org/gitweb.cgi/libaacs.git/?a=commit;h=d895e8c86a88a03db906a66dd0f083badbdf5a5d
---

 src/libaacs/crypto.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/libaacs/crypto.c b/src/libaacs/crypto.c
index 0c6601e..3328a9e 100644
--- a/src/libaacs/crypto.c
+++ b/src/libaacs/crypto.c
@@ -455,6 +455,12 @@ int  crypto_aacs_verify_aacsla(const uint8_t *signature, 
const uint8_t *data, ui
 
 int crypto_aacs_verify_cert(const uint8_t *cert)
 {
+    if (MKINT_BE16(cert+2) != 0x5c) {
+        DEBUG(DBG_AACS|DBG_CRIT, "Certificate length is invalid (0x%04x), 
expected 0x005c\n",
+              MKINT_BE16(cert+2));
+        return 0;
+    }
+
     return crypto_aacs_verify_aacsla(cert + 52, cert, 52);
 }
 

_______________________________________________
libaacs-devel mailing list
[email protected]
http://mailman.videolan.org/listinfo/libaacs-devel

[libaacs-devel] crypto_aacs_verify_cert(): check certificate length

Reply via email to