Fix checks of memory caps of constraints names - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-03-12 15:53:38 +0000
committer	tb <>	2021-03-12 15:53:38 +0000
commit	36a9d2bef3d172950dafcf87bb1757ae12603547 (patch)
tree	a3bddfd82ef9b838d9f033cc9f49fd87d6922a21 /src/lib/libssl/s3_lib.c
parent	292f984699e04c11c217521b43445a995f70fa61 (diff)
download	openbsd-36a9d2bef3d172950dafcf87bb1757ae12603547.tar.gz openbsd-36a9d2bef3d172950dafcf87bb1757ae12603547.tar.bz2 openbsd-36a9d2bef3d172950dafcf87bb1757ae12603547.zip

Fix checks of memory caps of constraints names

x509_internal.h defines caps on the number of name constraints and other names (such as subjectAltNames) that we want to allocate per cert chain. These limits are checked too late. In a particularly silly cert that jan found on ugos.ugm.ac.id 443, we ended up allocating six times 2048 x509_constraint_name structures before deciding that these are more than 512. Fix this by adding a names_max member to x509_constraints_names which is set on allocation against which each addition of a name is checked. cluebat/ok jsing ok inoguchi on earlier version

Diffstat (limited to 'src/lib/libssl/s3_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: