-/* $OpenBSD: x509_constraints.c,v 1.12 2020/11/25 21:17:52 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.13 2021/03/12 15:53:38 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
}
struct x509_constraints_names *
-x509_constraints_names_new()
+x509_constraints_names_new(size_t names_max)
{
- return (calloc(1, sizeof(struct x509_constraints_names)));
+ struct x509_constraints_names *new;
+
+ if ((new = calloc(1, sizeof(struct x509_constraints_names))) == NULL)
+ return NULL;
+
+ new->names_max = names_max;
+
+ return new;
}
void
{
size_t i = names->names_count;
+ if (names->names_count >= names->names_max)
+ return 0;
if (names->names_count == names->names_len) {
struct x509_constraints_name **tmp;
if ((tmp = recallocarray(names->names, names->names_len,
if (names == NULL)
return NULL;
- if ((new = x509_constraints_names_new()) == NULL)
+ if ((new = x509_constraints_names_new(names->names_max)) == NULL)
goto err;
+
for (i = 0; i < names->names_count; i++) {
if ((name = x509_constraints_name_dup(names->names[i])) == NULL)
goto err;
if (!x509_constraints_names_add(new, name))
goto err;
}
+
return new;
err:
x509_constraints_names_free(new);
goto err;
if (chain_length == 1)
return 1;
- if ((names = x509_constraints_names_new()) == NULL) {
+ if ((names = x509_constraints_names_new(
+ X509_VERIFY_MAX_CHAIN_NAMES)) == NULL) {
verify_err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
if ((cert = sk_X509_value(chain, i)) == NULL)
goto err;
if (cert->nc != NULL) {
- if ((permitted =
- x509_constraints_names_new()) == NULL) {
+ if ((permitted = x509_constraints_names_new(
+ X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) {
verify_err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
- if ((excluded =
- x509_constraints_names_new()) == NULL) {
+ if ((excluded = x509_constraints_names_new(
+ X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) {
verify_err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
if (!x509_constraints_extract_names(names, cert, 0,
&verify_err))
goto err;
- if (names->names_count > X509_VERIFY_MAX_CHAIN_NAMES) {
- verify_err = X509_V_ERR_OUT_OF_MEM;
- goto err;
- }
}
x509_constraints_names_free(names);
-/* $OpenBSD: x509_internal.h,v 1.6 2021/01/05 16:45:59 jsing Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.7 2021/03/12 15:53:38 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
struct x509_constraints_names {
struct x509_constraints_name **names;
- size_t names_len;
size_t names_count;
+ size_t names_len;
+ size_t names_max;
};
struct x509_verify_chain {
struct x509_constraints_names *x509_constraints_names_dup(
struct x509_constraints_names *names);
void x509_constraints_names_clear(struct x509_constraints_names *names);
-struct x509_constraints_names *x509_constraints_names_new(void);
+struct x509_constraints_names *x509_constraints_names_new(size_t names_max);
void x509_constraints_names_free(struct x509_constraints_names *names);
int x509_constraints_valid_host(uint8_t *name, size_t len);
int x509_constraints_valid_sandns(uint8_t *name, size_t len);
-/* $OpenBSD: x509_verify.c,v 1.34 2021/02/26 15:19:41 tb Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.35 2021/03/12 15:53:38 tb Exp $ */
/*
* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
*
if ((chain->cert_errors = calloc(X509_VERIFY_MAX_CHAIN_CERTS,
sizeof(int))) == NULL)
goto err;
- if ((chain->names = x509_constraints_names_new()) == NULL)
+ if ((chain->names =
+ x509_constraints_names_new(X509_VERIFY_MAX_CHAIN_NAMES)) == NULL)
goto err;
return chain;
return 1;
if (cert->nc != NULL) {
- if ((permitted = x509_constraints_names_new()) == NULL) {
+ if ((permitted = x509_constraints_names_new(
+ X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) {
err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
- if ((excluded = x509_constraints_names_new()) == NULL) {
+ if ((excluded = x509_constraints_names_new(
+ X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) {
err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
projects / openbsd / commitdiff