From 86832a4c4e5fcf4cd66e86f4e66b82688558f06a Mon Sep 17 00:00:00 2001 From: claudio Date: Wed, 3 Nov 2021 10:50:18 +0000 Subject: [PATCH] Move the MAX_CERT_DEPTH to extern.h and adjust the comments of all limits a bit. --- usr.sbin/rpki-client/extern.h | 22 ++++++++-------------- usr.sbin/rpki-client/parser.c | 5 +---- 2 files changed, 9 insertions(+), 18 deletions(-) diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index 70d5c7d9b4c..28e511993dc 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.88 2021/11/01 17:00:34 claudio Exp $ */ +/* $OpenBSD: extern.h,v 1.89 2021/11/03 10:50:18 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -602,26 +602,20 @@ int mkpath(const char *); #define RPKI_PATH_OUT_DIR "/var/db/rpki-client" #define RPKI_PATH_BASE_DIR "/var/cache/rpki-client" -/* - * Maximum number of ip ranges and AS ranges we will accept in - * any single file - */ +/* Maximum number of IP and AS ranges accepted in any single file */ #define MAX_IP_SIZE 200000 #define MAX_AS_SIZE 200000 -/* - * Maximum URI length we will accept - */ +/* Maximum acceptable URI length */ #define MAX_URI_LENGTH 2048 -/* - * Maximum File Size we will accept - */ +/* Maximum acceptable file size */ #define MAX_FILE_SIZE 2000000 -/* - * Maximum number of FileAndHash entries per Manifest. - */ +/* Maximum number of FileAndHash entries per manifest. */ #define MAX_MANIFEST_ENTRIES 100000 +/* Maximum depth of the RPKI tree. */ +#define MAX_CERT_DEPTH 12 + #endif /* ! EXTERN_H */ diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c index 63186af5e78..b403434772e 100644 --- a/usr.sbin/rpki-client/parser.c +++ b/usr.sbin/rpki-client/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.25 2021/11/03 10:19:22 claudio Exp $ */ +/* $OpenBSD: parser.c,v 1.26 2021/11/03 10:50:18 claudio Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -41,9 +41,6 @@ static void build_chain(const struct auth *, STACK_OF(X509) **); static struct crl *get_crl(const struct auth *); static void build_crls(const struct crl *, STACK_OF(X509_CRL) **); -/* Limit how deep the RPKI tree can be. */ -#define MAX_CERT_DEPTH 12 - static X509_STORE_CTX *ctx; static struct auth_tree auths = RB_INITIALIZER(&auths); static struct crl_tree crlt = RB_INITIALIZER(&crlt); -- 2.20.1