path: root/nixpkgs/pkgs/development/libraries/libressl/CVE-2021-41581.patch
Based on upstream https://github.com/openbsd/src/commit/62ceddea5b1d64a1a362bbb7071d9e15adcde6b1
with paths switched to apply to libressl-portable and CVS header
hunk removed.

--- a/crypto/x509/x509_constraints.c
+++ b/crypto/x509/x509_constraints.c
@@ -339,16 +339,16 @@
 			if (c == '.')
 				goto bad;
 		}
-		if (wi > DOMAIN_PART_MAX_LEN)
-			goto bad;
 		if (accept) {
+			if (wi >= DOMAIN_PART_MAX_LEN)
+				goto bad;
 			working[wi++] = c;
 			accept = 0;
 			continue;
 		}
 		if (candidate_local != NULL) {
 			/* We are looking for the domain part */
-			if (wi > DOMAIN_PART_MAX_LEN)
+			if (wi >= DOMAIN_PART_MAX_LEN)
 				goto bad;
 			working[wi++] = c;
 			if (i == len - 1) {
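Review bot: The guard added inside `if (accept)` bounds the store by `DOMAIN_PART_MAX_LEN`, while the other local-part stores in this patch (the hunks at -383 and -412) use `LOCAL_PART_MAX_LEN`, and nothing here says why the larger limit is safe. If `accept` can be set while the local part is still being parsed (the code that sets it is outside the hunk), an escaped character is limited only by the domain bound. That is memory-safe only if `working` is sized for the domain part plus a terminator, and its declaration is not visible here, so this should be confirmed. I would add a comment above the check such as `/* working[] holds at most DOMAIN_PART_MAX_LEN bytes plus the NUL; wi must stay below that before every store */`. The loop body starts and ends outside the hunk.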
@@ -363,7 +363,7 @@
 			continue;
 		}
 		/* We are looking for the local part */
-		if (wi > LOCAL_PART_MAX_LEN)
+		if (wi >= LOCAL_PART_MAX_LEN)
 			break;
 
 		if (quoted) {
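Review bot: An over-long local part still leaves the loop through `break` here, while every other length check in the patch uses `goto bad`. Rejection therefore depends on the post-loop test `candidate_local == NULL || candidate_domain == NULL` (visible at the end of the last hunk) catching the case. Writing `if (wi >= LOCAL_PART_MAX_LEN) goto bad;` would keep all bound violations on one explicit failure path and would not silently change behaviour if the code after the loop is edited later. The `bad` label and the rest of the function are outside the hunk, so this assumes `bad` performs the same cleanup the post-loop path reaches.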
@@ -383,6 +383,8 @@
 			 */
 			if (c == 9)
 				goto bad;
+			if (wi >= LOCAL_PART_MAX_LEN)
+				goto bad;
 			working[wi++] = c;
 			continue; /* all's good inside our quoted string */
 		}
@@ -412,6 +414,8 @@
 		}
 		if (!local_part_ok(c))
 			goto bad;
+		if (wi >= LOCAL_PART_MAX_LEN)
+			goto bad;
 		working[wi++] = c;
 	}
 	if (candidate_local == NULL || candidate_domain == NULL)