Limit the number of RSC checklist FileNameAndHash entries the same way

as mft FileAndHash entries are checked.

ok claudio job

diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 509b58c..5536919 100644 (file)
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: extern.h,v 1.140 2022/05/31 18:41:43 tb Exp $ */
+/*     $OpenBSD: extern.h,v 1.141 2022/06/01 10:59:21 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -701,6 +701,9 @@ int mkpathat(int, const char *);
 /* Maximum acceptable file size */
 #define MAX_FILE_SIZE          4000000
 
+/* Maximum number of FileNameAndHash entries per RSC checklist. */
+#define MAX_CHECKLIST_ENTRIES  100000
+
 /* Maximum number of FileAndHash entries per manifest. */
 #define MAX_MANIFEST_ENTRIES   100000
 

diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c
index a4a735c..c8baa23 100644 (file)
--- a/usr.sbin/rpki-client/rsc.c
+++ b/usr.sbin/rpki-client/rsc.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rsc.c,v 1.7 2022/05/31 18:51:35 tb Exp $ */
+/*     $OpenBSD: rsc.c,v 1.8 2022/06/01 10:59:21 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2022 Job Snijders <job@fastly.com>
@@ -279,6 +279,12 @@ rsc_parse_checklist(struct parse *p, const STACK_OF(FileNameAndHash) *checkList)
                return 0;
        }
 
+       if (sz >= MAX_CHECKLIST_ENTRIES) {
+               warnx("%s: %zu exceeds checklist entry limit (%d)", p->fn, sz,
+                   MAX_CHECKLIST_ENTRIES);
+               return 0;
+       }
+
        p->res->files = calloc(sz, sizeof(struct rscfile));
        if (p->res->files == NULL)
                err(1, NULL);