summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa/dsa_ameth.c
diff options
context:
space:
mode:
authortb <>2021-03-12 15:53:38 +0000
committertb <>2021-03-12 15:53:38 +0000
commit430ac1ca1c8120f48481984e640aa9977f780961 (patch)
treea3bddfd82ef9b838d9f033cc9f49fd87d6922a21 /src/lib/libcrypto/dsa/dsa_ameth.c
parent06b209000b9311573c72169763a57fe69aa0d6c5 (diff)
downloadopenbsd-430ac1ca1c8120f48481984e640aa9977f780961.tar.gz
openbsd-430ac1ca1c8120f48481984e640aa9977f780961.tar.bz2
openbsd-430ac1ca1c8120f48481984e640aa9977f780961.zip
Fix checks of memory caps of constraints names
x509_internal.h defines caps on the number of name constraints and other names (such as subjectAltNames) that we want to allocate per cert chain. These limits are checked too late. In a particularly silly cert that jan found on ugos.ugm.ac.id 443, we ended up allocating six times 2048 x509_constraint_name structures before deciding that these are more than 512. Fix this by adding a names_max member to x509_constraints_names which is set on allocation against which each addition of a name is checked. cluebat/ok jsing ok inoguchi on earlier version
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_ameth.c')
0 files changed, 0 insertions, 0 deletions