From: tb Date: Wed, 1 Jun 2022 10:59:21 +0000 (+0000) Subject: Limit the number of RSC checklist FileNameAndHash entries the same way X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c891374240e2a6159e0597f718c281ea9d64bd84;p=openbsd Limit the number of RSC checklist FileNameAndHash entries the same way as mft FileAndHash entries are checked. ok claudio job
---
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 509b58c8b0c..5536919e241 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.140 2022/05/31 18:41:43 tb Exp $ */
+/* $OpenBSD: extern.h,v 1.141 2022/06/01 10:59:21 tb Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -701,6 +701,9 @@ int mkpathat(int, const char *);
 /* Maximum acceptable file size */
 #define MAX_FILE_SIZE 4000000
+/* Maximum number of FileNameAndHash entries per RSC checklist. */
+#define MAX_CHECKLIST_ENTRIES 100000
+
 /* Maximum number of FileAndHash entries per manifest. */
 #define MAX_MANIFEST_ENTRIES 100000
diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c
index a4a735c2f74..c8baa236194 100644
--- a/usr.sbin/rpki-client/rsc.c
+++ b/usr.sbin/rpki-client/rsc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsc.c,v 1.7 2022/05/31 18:51:35 tb Exp $ */
+/* $OpenBSD: rsc.c,v 1.8 2022/06/01 10:59:21 tb Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler
 * Copyright (c) 2022 Job Snijders
@@ -279,6 +279,12 @@ rsc_parse_checklist(struct parse *p, const STACK_OF(FileNameAndHash) *checkList)
 return 0;
 }
+ if (sz >= MAX_CHECKLIST_ENTRIES) {
+ warnx("%s: %zu exceeds checklist entry limit (%d)", p->fn, sz,
+ MAX_CHECKLIST_ENTRIES);
+ return 0;
+ }
+
 p->res->files = calloc(sz, sizeof(struct rscfile));
 if (p->res->files == NULL)
 err(1, NULL);
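Review bot: The new guard `if (sz >= MAX_CHECKLIST_ENTRIES)` in rsc_parse_checklist() (rsc.c) also rejects a checklist with exactly MAX_CHECKLIST_ENTRIES entries, while the extern.h comment calls the constant the maximum number of entries and the warning says the count "exceeds" the limit. Either form fails closed, so the bound on the input-derived `calloc(sz, ...)` size still holds, but the comparison, comment and message should agree: use `if (sz > MAX_CHECKLIST_ENTRIES)`, or reword the comment to `/* RSC checklists with this many FileNameAndHash entries or more are rejected. */`. The commit message says this mirrors the manifest check, which is not visible here, so if `>=` is kept for symmetry the same wording fix presumably applies to MAX_MANIFEST_ENTRIES. The declaration of `sz` and the rest of the function lie outside the hunk, so the `%zu` conversion is assumed to match a `size_t`.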