diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2021-03-12 15:53:39 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2021-03-12 15:53:39 +0000 |
commit | ce31dec12afc270a7545d41c9539ebe6279e1971 (patch) | |
tree | 04a0a625419435709c756f19cbf08ef4f63da380 /regress/libexec | |
parent | 352a8b203d76e4a3927eaa35b8e69a643b319fdd (diff) |
Fix checks of memory caps of constraints names
x509_internal.h defines caps on the number of name constraints and
other names (such as subjectAltNames) that we want to allocate per
cert chain. These limits are checked too late. In a particularly
silly cert that jan found on ugos.ugm.ac.id 443, we ended up
allocating six times 2048 x509_constraint_name structures before
deciding that these are more than 512.
Fix this by adding a names_max member to x509_constraints_names which
is set on allocation against which each addition of a name is checked.
cluebat/ok jsing
ok inoguchi on earlier version
Diffstat (limited to 'regress/libexec')
0 files changed, 0 insertions, 0 deletions