Limit how many FileAndHash entries a single manifest may contain

OK claudio@

diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 685acdb..77a3aa2 100644 (file)
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: extern.h,v 1.84 2021/10/28 11:57:00 claudio Exp $ */
+/*     $OpenBSD: extern.h,v 1.85 2021/10/28 13:51:42 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -622,4 +622,9 @@ int mkpath(const char *);
  */
 #define MAX_FILE_SIZE 2000000
 
+/*
+ * Maximum number of FileAndHash entries per Manifest.
+ */
+#define        MAX_MANIFEST_ENTRIES    100000
+
 #endif /* ! EXTERN_H */

diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index 0ab7f4f..77e16c4 100644 (file)
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: mft.c,v 1.41 2021/10/26 10:52:50 claudio Exp $ */
+/*     $OpenBSD: mft.c,v 1.42 2021/10/28 13:51:42 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -228,6 +228,12 @@ mft_parse_flist(struct parse *p, const ASN1_OCTET_STRING *os)
                goto out;
        }
 
+       if (sk_ASN1_TYPE_num(seq) > MAX_MANIFEST_ENTRIES) {
+               warnx("%s: %d exceeds manifest entry limit (%d)", p->fn,
+                   sk_ASN1_TYPE_num(seq), MAX_MANIFEST_ENTRIES);
+               goto out;
+       }
+
        p->res->files = calloc(sk_ASN1_TYPE_num(seq), sizeof(struct mftfile));
        if (p->res->files == NULL)
                err(1, NULL);
@@ -244,7 +250,7 @@ mft_parse_flist(struct parse *p, const ASN1_OCTET_STRING *os)
        }
 
        rc = 1;
-out:
+ out:
        sk_ASN1_TYPE_pop_free(seq, ASN1_TYPE_free);
        return rc;
 }