diff options
Diffstat (limited to 'src/lib/libcrypto/x509')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_constraints.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c index fade58c620..db33bf1aa4 100644 --- a/src/lib/libcrypto/x509/x509_constraints.c +++ b/src/lib/libcrypto/x509/x509_constraints.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_constraints.c,v 1.16 2021/04/27 03:35:29 beck Exp $ */ | 1 | /* $OpenBSD: x509_constraints.c,v 1.17 2021/09/23 15:49:48 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -339,16 +339,16 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, | |||
| 339 | if (c == '.') | 339 | if (c == '.') |
| 340 | goto bad; | 340 | goto bad; |
| 341 | } | 341 | } |
| 342 | if (wi > DOMAIN_PART_MAX_LEN) | ||
| 343 | goto bad; | ||
| 344 | if (accept) { | 342 | if (accept) { |
| 343 | if (wi >= DOMAIN_PART_MAX_LEN) | ||
| 344 | goto bad; | ||
| 345 | working[wi++] = c; | 345 | working[wi++] = c; |
| 346 | accept = 0; | 346 | accept = 0; |
| 347 | continue; | 347 | continue; |
| 348 | } | 348 | } |
| 349 | if (candidate_local != NULL) { | 349 | if (candidate_local != NULL) { |
| 350 | /* We are looking for the domain part */ | 350 | /* We are looking for the domain part */ |
| 351 | if (wi > DOMAIN_PART_MAX_LEN) | 351 | if (wi >= DOMAIN_PART_MAX_LEN) |
| 352 | goto bad; | 352 | goto bad; |
| 353 | working[wi++] = c; | 353 | working[wi++] = c; |
| 354 | if (i == len - 1) { | 354 | if (i == len - 1) { |
| @@ -363,7 +363,7 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, | |||
| 363 | continue; | 363 | continue; |
| 364 | } | 364 | } |
| 365 | /* We are looking for the local part */ | 365 | /* We are looking for the local part */ |
| 366 | if (wi > LOCAL_PART_MAX_LEN) | 366 | if (wi >= LOCAL_PART_MAX_LEN) |
| 367 | break; | 367 | break; |
| 368 | 368 | ||
| 369 | if (quoted) { | 369 | if (quoted) { |
| @@ -383,6 +383,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, | |||
| 383 | */ | 383 | */ |
| 384 | if (c == 9) | 384 | if (c == 9) |
| 385 | goto bad; | 385 | goto bad; |
| 386 | if (wi >= LOCAL_PART_MAX_LEN) | ||
| 387 | goto bad; | ||
| 386 | working[wi++] = c; | 388 | working[wi++] = c; |
| 387 | continue; /* all's good inside our quoted string */ | 389 | continue; /* all's good inside our quoted string */ |
| 388 | } | 390 | } |
| @@ -412,6 +414,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, | |||
| 412 | } | 414 | } |
| 413 | if (!local_part_ok(c)) | 415 | if (!local_part_ok(c)) |
| 414 | goto bad; | 416 | goto bad; |
| 417 | if (wi >= LOCAL_PART_MAX_LEN) | ||
| 418 | goto bad; | ||
| 415 | working[wi++] = c; | 419 | working[wi++] = c; |
| 416 | } | 420 | } |
| 417 | if (candidate_local == NULL || candidate_domain == NULL) | 421 | if (candidate_local == NULL || candidate_domain == NULL) |