artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: efb484e) | patch
Check for trailing garbage in X509_addr_get_afi()
authortb <tb@openbsd.org>
Tue, 28 Dec 2021 15:59:13 +0000 (15:59 +0000)
committertb <tb@openbsd.org>
Tue, 28 Dec 2021 15:59:13 +0000 (15:59 +0000)
commit82c2bbdd9129cfb4d759c4b60c1a47d6e123f728
treef4fd93b3bdadb80ab21090ed132fa96037e56511tree | snapshot
parentefb484e86f138b6e503aaecd54723db297a3576dcommit | diff
Check for trailing garbage in X509_addr_get_afi()

Per RFC 3779 2.2.3.3, the addressFamily field contains the 2-byte AFI
and an optional 1-byte SAFI. Nothing else. The optional SAFI is nowhere
exposed in the API. It is used expliclty only for pretty printing. There
are implicit uses in a few places, notably for sorting/comparing where
trailing garbage would be erroneously taken into account.

Erroring in this situation will let us avoid this in upcoming revisions.

ok inoguchi jsing
lib/libcrypto/x509/x509_addr.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim