diff options
| author | tb <> | 2024-08-28 06:17:06 +0000 | 
|---|---|---|
| committer | tb <> | 2024-08-28 06:17:06 +0000 | 
| commit | 512532d0afc1a2962da6e0c566bb90967a493479 (patch) | |
| tree | 13dfad166a5c724aa2725339e55b84713d0f148a /src/lib/libssl/ssl_pkt.c | |
| parent | e6600c8781ee3168a9641ab8f28db4d05ef8e881 (diff) | |
| download | openbsd-512532d0afc1a2962da6e0c566bb90967a493479.tar.gz openbsd-512532d0afc1a2962da6e0c566bb90967a493479.tar.bz2 openbsd-512532d0afc1a2962da6e0c566bb90967a493479.zip | |
Avoid polluting the error stack when printing certificates
For a certificate serial number between LONG_MAX and ULONG_MAX, the call to
ASN1_INTEGER_get() fails and leaves an error on the stack because the check
bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is
probably for bitstring, although the more common reading would be adequate,
too.)
Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64()
and add a lengthy comment to explain the nonsense per beck's request.
discussed with jsing
ok beck
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
0 files changed, 0 insertions, 0 deletions
