diff options
| -rw-r--r-- | src/lib/libcrypto/x509/x509_constraints.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c index 5fbcef304f..55a7eae28f 100644 --- a/src/lib/libcrypto/x509/x509_constraints.c +++ b/src/lib/libcrypto/x509/x509_constraints.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_constraints.c,v 1.15 2021/03/12 15:57:30 tb Exp $ */ | 1 | /* $OpenBSD: x509_constraints.c,v 1.15.2.1 2021/09/26 14:07:40 deraadt Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -334,16 +334,16 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, | |||
| 334 | if (c == '.') | 334 | if (c == '.') |
| 335 | goto bad; | 335 | goto bad; |
| 336 | } | 336 | } |
| 337 | if (wi > DOMAIN_PART_MAX_LEN) | ||
| 338 | goto bad; | ||
| 339 | if (accept) { | 337 | if (accept) { |
| 338 | if (wi >= DOMAIN_PART_MAX_LEN) | ||
| 339 | goto bad; | ||
| 340 | working[wi++] = c; | 340 | working[wi++] = c; |
| 341 | accept = 0; | 341 | accept = 0; |
| 342 | continue; | 342 | continue; |
| 343 | } | 343 | } |
| 344 | if (candidate_local != NULL) { | 344 | if (candidate_local != NULL) { |
| 345 | /* We are looking for the domain part */ | 345 | /* We are looking for the domain part */ |
| 346 | if (wi > DOMAIN_PART_MAX_LEN) | 346 | if (wi >= DOMAIN_PART_MAX_LEN) |
| 347 | goto bad; | 347 | goto bad; |
| 348 | working[wi++] = c; | 348 | working[wi++] = c; |
| 349 | if (i == len - 1) { | 349 | if (i == len - 1) { |
| @@ -358,7 +358,7 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, | |||
| 358 | continue; | 358 | continue; |
| 359 | } | 359 | } |
| 360 | /* We are looking for the local part */ | 360 | /* We are looking for the local part */ |
| 361 | if (wi > LOCAL_PART_MAX_LEN) | 361 | if (wi >= LOCAL_PART_MAX_LEN) |
| 362 | break; | 362 | break; |
| 363 | 363 | ||
| 364 | if (quoted) { | 364 | if (quoted) { |
| @@ -378,6 +378,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, | |||
| 378 | */ | 378 | */ |
| 379 | if (c == 9) | 379 | if (c == 9) |
| 380 | goto bad; | 380 | goto bad; |
| 381 | if (wi >= LOCAL_PART_MAX_LEN) | ||
| 382 | goto bad; | ||
| 381 | working[wi++] = c; | 383 | working[wi++] = c; |
| 382 | continue; /* all's good inside our quoted string */ | 384 | continue; /* all's good inside our quoted string */ |
| 383 | } | 385 | } |
| @@ -407,6 +409,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, | |||
| 407 | } | 409 | } |
| 408 | if (!local_part_ok(c)) | 410 | if (!local_part_ok(c)) |
| 409 | goto bad; | 411 | goto bad; |
| 412 | if (wi >= LOCAL_PART_MAX_LEN) | ||
| 413 | goto bad; | ||
| 410 | working[wi++] = c; | 414 | working[wi++] = c; |
| 411 | } | 415 | } |
| 412 | if (candidate_local == NULL || candidate_domain == NULL) | 416 | if (candidate_local == NULL || candidate_domain == NULL) |