Bug #8751: Fix parsing old x.509 certs

author Michael M Slusarz <slusarz@curecanti.org>

Mon, 14 Dec 2009 19:38:18 +0000 (12:38 -0700)

committer Michael M Slusarz <slusarz@curecanti.org>

Mon, 14 Dec 2009 19:38:18 +0000 (12:38 -0700)
author Michael M Slusarz <slusarz@curecanti.org>
Mon, 14 Dec 2009 19:38:18 +0000 (12:38 -0700)
committer Michael M Slusarz <slusarz@curecanti.org>
Mon, 14 Dec 2009 19:38:18 +0000 (12:38 -0700)
diff --git a/framework/Crypt/lib/Horde/Crypt/Smime.php b/framework/Crypt/lib/Horde/Crypt/Smime.php

index e035e0f..737e00d 100644 (file)
--- a/framework/Crypt/lib/Horde/Crypt/Smime.php
+++ b/framework/Crypt/lib/Horde/Crypt/Smime.php
@@ -659,7 +659,14 @@ class Horde_Crypt_Smime extends Horde_Crypt
          $cert_data = $this->_parseASN($raw_cert);
          if (!is_array($cert_data) ||
              ($cert_data[0] == 'UNKNOWN') ||
-            ($cert_data[1][0] == 'UNKNOWN')) {
+            ($cert_data[1][0] == 'UNKNOWN') ||
+            /* Bug #8751: Check for required number of fields. The ASN
+             * parsing code doesn't seem to be able to handle v1 data - it
+             * combines the version and serial number fields.
+             * openssl_x509_parse() works, but doesn't have a stable API.
+             * Since v1 is such an old standard anyway, best just to abort
+             * here. */
+            (count($cert_data[1][0][1]) != 7)) {
              return false;
          }
author	Michael M Slusarz <slusarz@curecanti.org>
	Mon, 14 Dec 2009 19:38:18 +0000 (12:38 -0700)
committer	Michael M Slusarz <slusarz@curecanti.org>
	Mon, 14 Dec 2009 19:38:18 +0000 (12:38 -0700)