author | Job Snijders <job@cvs.openbsd.org> | 2021-10-28 13:51:43 +0000 |
---|---|---|
committer | Job Snijders <job@cvs.openbsd.org> | 2021-10-28 13:51:43 +0000 |
commit | 4d285d0fc5e949f2e5ca71336228d08aab051ae1 (patch) | |
tree | 6a5b8e25a47136d416dfdccbdc89e84a605b9b6c | |
parent | 9bb57323f66943217557950ba36eb175e407ca85 (diff) |
Limit how many FileAndHash entries a single manifest may contain
OK claudio@
-rw-r--r-- | usr.sbin/rpki-client/extern.h | 7 | ||||
-rw-r--r-- | usr.sbin/rpki-client/mft.c | 10 |
2 files changed, 14 insertions, 3 deletions
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 685acdbd746..77a3aa2bce4 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.84 2021/10/28 11:57:00 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.85 2021/10/28 13:51:42 job Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -622,4 +622,9 @@ int mkpath(const char *);
 */
 #define MAX_FILE_SIZE 2000000
+/*
+ * Maximum number of FileAndHash entries per Manifest.
+ */
+#define MAX_MANIFEST_ENTRIES 100000
+
 #endif /* ! EXTERN_H */
diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index 0ab7f4f80cb..77e16c49e9d 100644
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mft.c,v 1.41 2021/10/26 10:52:50 claudio Exp $ */
+/* $OpenBSD: mft.c,v 1.42 2021/10/28 13:51:42 job Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -228,6 +228,12 @@ mft_parse_flist(struct parse *p, const ASN1_OCTET_STRING *os)
 goto out;
 }
+ if (sk_ASN1_TYPE_num(seq) > MAX_MANIFEST_ENTRIES) {
+ warnx("%s: %d exceeds manifest entry limit (%d)", p->fn,
+ sk_ASN1_TYPE_num(seq), MAX_MANIFEST_ENTRIES);
+ goto out;
+ }
+
 p->res->files = calloc(sk_ASN1_TYPE_num(seq), sizeof(struct mftfile));
 if (p->res->files == NULL)
 err(1, NULL);
@@ -244,7 +250,7 @@ mft_parse_flist(struct parse *p, const ASN1_OCTET_STRING *os)
 }
 rc = 1;
-out:
+ out:
 sk_ASN1_TYPE_pop_free(seq, ASN1_TYPE_free);
 return rc;
 } |
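Review bot: The comment added above `MAX_MANIFEST_ENTRIES` in the second extern.h hunk says what the constant counts but not why the cap exists or where it is enforced. The mft.c part of this commit shows it is checked in `mft_parse_flist()` just before the file list is allocated, so I would record that next to the definition, e.g. `/* Maximum number of FileAndHash entries per Manifest; mft_parse_flist() rejects larger manifests before allocating the file list. */`. That gives whoever tunes the value later a pointer to the enforcement site and makes clear the limit applies to data fetched from repositories.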
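Review bot: In the `mft_parse_flist()` hunk, `sk_ASN1_TYPE_num(seq)` is called separately for the comparison, the warning and the `calloc()` size. Only the upper bound is tested before that `int` result is converted to `size_t` for the allocation. Reading the count once keeps the checked value and the allocated value visibly the same: `int n = sk_ASN1_TYPE_num(seq);`, then `if (n < 0 || n > MAX_MANIFEST_ENTRIES) {`, then `calloc(n, sizeof(struct mftfile))`. The `n < 0` arm matters only if `seq` can be NULL here, since the count function returns -1 for a NULL stack; that check is presumably in the part of the function above this hunk, which is not shown, so treat the arm as defensive.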