author | Theo Buehler <tb@cvs.openbsd.org> | 2022-06-01 10:59:22 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-06-01 10:59:22 +0000 |
commit | 76acafa57c02b83102847a42b8573b245844ea3c (patch) | |
tree | c1dc4dfc910c5ea3bf5e028ac9575315f2c1d9ea /usr.sbin | |
parent | abc357f832db2162bfaf576a98c93186ac695b29 (diff) |
Limit the number of RSC checklist FileNameAndHash entries the same way
as mft FileAndHash entries are checked.
ok claudio job
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/rpki-client/extern.h | 5 | ||||
-rw-r--r-- | usr.sbin/rpki-client/rsc.c | 8 |
2 files changed, 11 insertions, 2 deletions
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 509b58c8b0c..5536919e241 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.140 2022/05/31 18:41:43 tb Exp $ */
+/* $OpenBSD: extern.h,v 1.141 2022/06/01 10:59:21 tb Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -701,6 +701,9 @@ int mkpathat(int, const char *);
 /* Maximum acceptable file size */
 #define MAX_FILE_SIZE 4000000
+/* Maximum number of FileNameAndHash entries per RSC checklist. */
+#define MAX_CHECKLIST_ENTRIES 100000
+
 /* Maximum number of FileAndHash entries per manifest. */
 #define MAX_MANIFEST_ENTRIES 100000
diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c
index a4a735c2f74..c8baa236194 100644
--- a/usr.sbin/rpki-client/rsc.c
+++ b/usr.sbin/rpki-client/rsc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsc.c,v 1.7 2022/05/31 18:51:35 tb Exp $ */
+/* $OpenBSD: rsc.c,v 1.8 2022/06/01 10:59:21 tb Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2022 Job Snijders <job@fastly.com>
@@ -279,6 +279,12 @@ rsc_parse_checklist(struct parse *p, const STACK_OF(FileNameAndHash) *checkList)
 return 0;
 }
+ if (sz >= MAX_CHECKLIST_ENTRIES) {
+ warnx("%s: %zu exceeds checklist entry limit (%d)", p->fn, sz,
+ MAX_CHECKLIST_ENTRIES);
+ return 0;
+ }
+
 p->res->files = calloc(sz, sizeof(struct rscfile));
 if (p->res->files == NULL)
 err(1, NULL); |
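Review bot: The comment on `MAX_CHECKLIST_ENTRIES` in the second extern.h hunk calls it the maximum number of entries, but the check added in the rsc.c hunk rejects with `sz >= MAX_CHECKLIST_ENTRIES`, so a checklist of exactly 100000 entries is refused and the warning would then read "100000 exceeds checklist entry limit (100000)". If the bound is meant to be exclusive (possibly to mirror the manifest check, which is not visible here), the comment could say so: `/* RSC checklists with this many FileNameAndHash entries or more are rejected. */`. Otherwise the comparison in rsc.c should be `if (sz > MAX_CHECKLIST_ENTRIES) {`.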
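Review bot: Nothing at the new check in rsc_parse_checklist says why the count is capped, although `sz` goes straight into `calloc(sz, sizeof(struct rscfile))` a few lines later and appears to come from the parsed checklist itself. A one-line comment above the `if` would record that: `/* Cap the entry count taken from the object before it sizes the allocation below. */`. The declaration of `sz` and the start and end of the function are outside the hunk, so the `%zu` conversion cannot be checked against its type from here.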