summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_handshake_msg.c
diff options
context:
space:
mode:
authortb <>2024-08-28 06:17:06 +0000
committertb <>2024-08-28 06:17:06 +0000
commit512532d0afc1a2962da6e0c566bb90967a493479 (patch)
tree13dfad166a5c724aa2725339e55b84713d0f148a /src/lib/libssl/tls13_handshake_msg.c
parente6600c8781ee3168a9641ab8f28db4d05ef8e881 (diff)
downloadopenbsd-512532d0afc1a2962da6e0c566bb90967a493479.tar.gz
openbsd-512532d0afc1a2962da6e0c566bb90967a493479.tar.bz2
openbsd-512532d0afc1a2962da6e0c566bb90967a493479.zip
Avoid polluting the error stack when printing certificates
For a certificate serial number between LONG_MAX and ULONG_MAX, the call to ASN1_INTEGER_get() fails and leaves an error on the stack because the check bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is probably for bitstring, although the more common reading would be adequate, too.) Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64() and add a lengthy comment to explain the nonsense per beck's request. discussed with jsing ok beck
Diffstat (limited to 'src/lib/libssl/tls13_handshake_msg.c')
0 files changed, 0 insertions, 0 deletions