Fix wrong parser variable in directoryName trailing data check

ParseGeneralName uses two parsers: `parser` for the outer GeneralName TLV, and `name_parser` for the inner directoryName content. The trailing-data check on line 155 calls parser.HasMore() instead of name_parser.HasMore(). Since parser is already fully consumed by ReadTagAndValue() at line 116, parser.HasMore() always returns false. Any bytes after the SEQUENCE inside a directoryName are silently accepted.

Bug: None
Change-Id: I5cd8d4de2a43c88e4959ec43ef85624de297401c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/92927
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Lily Chen <chlily@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/pki/general_names.cc b/pki/general_names.cc index d4ab234..c239946 100644 --- a/pki/general_names.cc +++ b/pki/general_names.cc
@@ -152,7 +152,7 @@ der::Parser name_parser(value); der::Input name_value; if (!name_parser.ReadTag(CBS_ASN1_SEQUENCE, &name_value) || - parser.HasMore()) { + name_parser.HasMore()) { return false; } subtrees->directory_names.push_back(name_value);
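Review bot: The one-token change from `parser.HasMore()` to `name_parser.HasMore()` is right, since `name_parser` is the parser that wraps the directoryName content and is the only one that can still have unread bytes at this point, but the visible diff adds no test for the case the commit message describes. A unit test that feeds ParseGeneralName a directoryName whose content is a well-formed SEQUENCE followed by one or more trailing bytes, and asserts that parsing now fails, would pin the corrected behaviour and catch any future edit that reintroduces the outer `parser` here. It is also worth a sentence in the commit message that inputs previously accepted by this path (trailing data after the Name SEQUENCE) now fail to parse, so anyone triaging new parse failures after this lands can attribute them.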