e31e0123ea
This adds an explicit limit to the size of an X509_NAME structure. Some part of OpenSSL (e.g. TLS) already effectively limit the size due to restrictions on certificate size. See also upstream's 65cb92f4da37a3895437f0c9940ee0bcf9f28c8a, although this is different from upstream's. Upstream's version bounds both the X509_NAME *and* any data after it in the immediately containing structure. While adding a bound on all of crypto/asn1 is almost certainly a good idea (will look into that for a follow-up), it seems bizarre and unnecessary to have X509_NAME affect its parent. Change-Id: Ica2136bcd1455d7c501ccc6ef2a19bc5ed042501 Reviewed-on: https://boringssl-review.googlesource.com/7846 Reviewed-by: Adam Langley <agl@google.com> |
||
|---|---|---|
| .. | ||
| a_digest.c | ||
| a_sign.c | ||
| a_strex.c | ||
| a_verify.c | ||
| algorithm.c | ||
| asn1_gen.c | ||
| by_dir.c | ||
| by_file.c | ||
| charmap.h | ||
| CMakeLists.txt | ||
| i2d_pr.c | ||
| internal.h | ||
| pkcs7_test.c | ||
| pkcs7.c | ||
| rsa_pss.c | ||
| t_crl.c | ||
| t_req.c | ||
| t_x509.c | ||
| t_x509a.c | ||
| vpm_int.h | ||
| x509_att.c | ||
| x509_cmp.c | ||
| x509_d2.c | ||
| x509_def.c | ||
| x509_ext.c | ||
| x509_lu.c | ||
| x509_obj.c | ||
| x509_r2x.c | ||
| x509_req.c | ||
| x509_set.c | ||
| x509_test.cc | ||
| x509_trs.c | ||
| x509_txt.c | ||
| x509_v3.c | ||
| x509_vfy.c | ||
| x509_vpm.c | ||
| x509.c | ||
| x509cset.c | ||
| x509name.c | ||
| x509rset.c | ||
| x509spki.c | ||
| x509type.c | ||
| x_algor.c | ||
| x_all.c | ||
| x_attrib.c | ||
| x_crl.c | ||
| x_exten.c | ||
| x_info.c | ||
| x_name.c | ||
| x_pkey.c | ||
| x_pubkey.c | ||
| x_req.c | ||
| x_sig.c | ||
| x_spki.c | ||
| x_val.c | ||
| x_x509.c | ||
| x_x509a.c | ||