From 82c2bbdd9129cfb4d759c4b60c1a47d6e123f728 Mon Sep 17 00:00:00 2001 From: tb Date: Tue, 28 Dec 2021 15:59:13 +0000 Subject: [PATCH] Check for trailing garbage in X509_addr_get_afi() Per RFC 3779 2.2.3.3, the addressFamily field contains the 2-byte AFI and an optional 1-byte SAFI. Nothing else. The optional SAFI is nowhere exposed in the API. It is used expliclty only for pretty printing. There are implicit uses in a few places, notably for sorting/comparing where trailing garbage would be erroneously taken into account. Erroring in this situation will let us avoid this in upcoming revisions. ok inoguchi jsing --- lib/libcrypto/x509/x509_addr.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/libcrypto/x509/x509_addr.c b/lib/libcrypto/x509/x509_addr.c index 64dd8305148..fda73b304e1 100644 --- a/lib/libcrypto/x509/x509_addr.c +++ b/lib/libcrypto/x509/x509_addr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_addr.c,v 1.29 2021/12/28 15:49:11 tb Exp $ */ +/* $OpenBSD: x509_addr.c,v 1.30 2021/12/28 15:59:13 tb Exp $ */ /* * Contributed to the OpenSSL Project by the American Registry for * Internet Numbers ("ARIN"). @@ -354,6 +354,10 @@ X509v3_addr_get_afi(const IPAddressFamily *f) if (!CBS_get_u16(&cbs, &afi)) return 0; + /* One byte for the optional SAFI, everything else is garbage. */ + if (CBS_len(&cbs) > 1) + return 0; + return afi; } -- 2.20.1