artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 300f71d) | patch
Check whether all data in eContent has been consumed
authorjob <job@openbsd.org>
Mon, 5 Feb 2024 19:23:58 +0000 (19:23 +0000)
committerjob <job@openbsd.org>
Mon, 5 Feb 2024 19:23:58 +0000 (19:23 +0000)
commitd115f50d217404079b89805fc41a8002bc6376ba
tree50729a654d99f914c17e7188b11e99a7b53eff7ctree | snapshot
parent300f71d4587176ff7ed78929d66ee03729608f53commit | diff
Check whether all data in eContent has been consumed

It is possible that a given ASN.1 template generated d2i_*() function
didn't consume all data, so there is a potential for malleability.
The econtent is a sequence (which means it could be the concatenation
of several DER "blobs"). d2i_*() would only deserialize the first one
and not notice blobs following it.

OK tb@
usr.sbin/rpki-client/aspa.c diff | blob | history
usr.sbin/rpki-client/mft.c diff | blob | history
usr.sbin/rpki-client/roa.c diff | blob | history
usr.sbin/rpki-client/rsc.c diff | blob | history
usr.sbin/rpki-client/tak.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim