PKIX: explicit validation of version number and extension repeats

author: Peter Dettman <peter.dettman@bouncycastle.org> 2018-04-17 13:12:18 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2018-04-17 13:12:18 +0700
commit: 374564ba8b2b385c90633679aae9cca27d0bb069 (patch)
tree: 22dcb8cf1c3b91adbae9b472365c587654860841 /crypto/src/asn1/x509/X509Extensions.cs
parent: Updated OpenBsdBCrypt to support version 2y. (diff)
download: BouncyCastle.NET-ed25519-374564ba8b2b385c90633679aae9cca27d0bb069.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/src/asn1/x509/X509Extensions.cs b/crypto/src/asn1/x509/X509Extensions.cs
index 049d728bb..d1b9fa39a 100644
--- a/crypto/src/asn1/x509/X509Extensions.cs
+++ b/crypto/src/asn1/x509/X509Extensions.cs
@@ -224,7 +224,10 @@ namespace Org.BouncyCastle.Asn1.X509
 
 				Asn1OctetString octets = Asn1OctetString.GetInstance(s[s.Count - 1].ToAsn1Object());
 
-				extensions.Add(oid, new X509Extension(isCritical, octets));
+                if (extensions.Contains(oid))
+                    throw new ArgumentException("repeated extension found: " + oid);
+
+                extensions.Add(oid, new X509Extension(isCritical, octets));
 				ordering.Add(oid);
 			}
         }
author	Peter Dettman <peter.dettman@bouncycastle.org>	2018-04-17 13:12:18 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2018-04-17 13:12:18 +0700
commit	374564ba8b2b385c90633679aae9cca27d0bb069 (patch)
tree	22dcb8cf1c3b91adbae9b472365c587654860841 /crypto/src/asn1/x509/X509Extensions.cs
parent	Updated OpenBsdBCrypt to support version 2y. (diff)
download	BouncyCastle.NET-ed25519-374564ba8b2b385c90633679aae9cca27d0bb069.tar.xz