Check for trailing garbage in X509_addr_get_afi()

Per RFC 3779 2.2.3.3, the addressFamily field contains the 2-byte AFI
and an optional 1-byte SAFI. Nothing else. The optional SAFI is nowhere
exposed in the API. It is used expliclty only for pretty printing. There
are implicit uses in a few places, notably for sorting/comparing where
trailing garbage would be erroneously taken into account.

Erroring in this situation will let us avoid this in upcoming revisions.

ok inoguchi jsing

1 files changed, 5 insertions, 1 deletions

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index 64dd830514..fda73b304e 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_addr.c,v 1.29 2021/12/28 15:49:11 tb Exp $ */
+/*      $OpenBSD: x509_addr.c,v 1.30 2021/12/28 15:59:13 tb Exp $ */
 /*
  * Contributed to the OpenSSL Project by the American Registry for
  * Internet Numbers ("ARIN").
@@ -354,6 +354,10 @@ X509v3_addr_get_afi(const IPAddressFamily *f)
         if (!CBS_get_u16(&cbs, &afi))
                 return 0;
 
+        /* One byte for the optional SAFI, everything else is garbage. */
+        if (CBS_len(&cbs) > 1)
+                return 0;
+
         return afi;
 }