Fix checks of memory caps of constraints names - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	tb <tb@openbsd.org>	2021-03-12 15:53:38 +0000
committer	tb <tb@openbsd.org>	2021-03-12 15:53:38 +0000
commit	42f3108a7d2860fcc392d6a69a9ad058abd50338 (patch)
tree	fc0d662f9b8824d2f0cb3d699455c1daf354128d /sys/dev/pci/if_ipw.c
parent	Update Spleen kernel fonts to version 1.9.0, bringing the following (diff)
download	wireguard-openbsd-42f3108a7d2860fcc392d6a69a9ad058abd50338.tar.xz wireguard-openbsd-42f3108a7d2860fcc392d6a69a9ad058abd50338.zip

Fix checks of memory caps of constraints names

x509_internal.h defines caps on the number of name constraints and other names (such as subjectAltNames) that we want to allocate per cert chain. These limits are checked too late. In a particularly silly cert that jan found on ugos.ugm.ac.id 443, we ended up allocating six times 2048 x509_constraint_name structures before deciding that these are more than 512. Fix this by adding a names_max member to x509_constraints_names which is set on allocation against which each addition of a name is checked. cluebat/ok jsing ok inoguchi on earlier version

Diffstat (limited to 'sys/dev/pci/if_ipw.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: