summaryrefslogtreecommitdiff
path: root/regress/libexec
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2021-03-12 15:53:39 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2021-03-12 15:53:39 +0000
commitce31dec12afc270a7545d41c9539ebe6279e1971 (patch)
tree04a0a625419435709c756f19cbf08ef4f63da380 /regress/libexec
parent352a8b203d76e4a3927eaa35b8e69a643b319fdd (diff)
Fix checks of memory caps of constraints names
x509_internal.h defines caps on the number of name constraints and other names (such as subjectAltNames) that we want to allocate per cert chain. These limits are checked too late. In a particularly silly cert that jan found on ugos.ugm.ac.id 443, we ended up allocating six times 2048 x509_constraint_name structures before deciding that these are more than 512. Fix this by adding a names_max member to x509_constraints_names which is set on allocation against which each addition of a name is checked. cluebat/ok jsing ok inoguchi on earlier version
Diffstat (limited to 'regress/libexec')
0 files changed, 0 insertions, 0 deletions