artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f529149) | patch
rpki-client: ensure there is no trailing garbage in signed objects
authortb <tb@openbsd.org>
Tue, 21 Feb 2023 10:18:47 +0000 (10:18 +0000)
committertb <tb@openbsd.org>
Tue, 21 Feb 2023 10:18:47 +0000 (10:18 +0000)
commit797cceee728f53256e7696af4456493737a92932
treea252324dad4e8fc9ba3c8b590fbcb3d702adba04tree | snapshot
parentf5291493f82d538e1c1c2f0b06fed2a3c1439aafcommit | diff
rpki-client: ensure there is no trailing garbage in signed objects

The d2i functions are designed in such a way that the caller is responsible
to check if the entire buffer was consumed. Add checks on deserializing a
signed object to ensure the entire file has been consumed. Reject the file
if it has trailing garbage.

found by & ok job, ok claudio
usr.sbin/rpki-client/cert.c diff | blob | history
usr.sbin/rpki-client/cms.c diff | blob | history
usr.sbin/rpki-client/crl.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim