forked from mirrors/nixpkgs
54 lines
1.2 KiB
Diff
54 lines
1.2 KiB
Diff
Based on upstream https://github.com/openbsd/src/commit/62ceddea5b1d64a1a362bbb7071d9e15adcde6b1
|
|
with paths switched to apply to libressl-portable and CVS header
|
|
hunk removed.
|
|
|
|
--- a/crypto/x509/x509_constraints.c
|
|
+++ b/crypto/x509/x509_constraints.c
|
|
@@ -339,16 +339,16 @@
|
|
if (c == '.')
|
|
goto bad;
|
|
}
|
|
- if (wi > DOMAIN_PART_MAX_LEN)
|
|
- goto bad;
|
|
if (accept) {
|
|
+ if (wi >= DOMAIN_PART_MAX_LEN)
|
|
+ goto bad;
|
|
working[wi++] = c;
|
|
accept = 0;
|
|
continue;
|
|
}
|
|
if (candidate_local != NULL) {
|
|
/* We are looking for the domain part */
|
|
- if (wi > DOMAIN_PART_MAX_LEN)
|
|
+ if (wi >= DOMAIN_PART_MAX_LEN)
|
|
goto bad;
|
|
working[wi++] = c;
|
|
if (i == len - 1) {
|
|
@@ -363,7 +363,7 @@
|
|
continue;
|
|
}
|
|
/* We are looking for the local part */
|
|
- if (wi > LOCAL_PART_MAX_LEN)
|
|
+ if (wi >= LOCAL_PART_MAX_LEN)
|
|
break;
|
|
|
|
if (quoted) {
|
|
@@ -383,6 +383,8 @@
|
|
*/
|
|
if (c == 9)
|
|
goto bad;
|
|
+ if (wi >= LOCAL_PART_MAX_LEN)
|
|
+ goto bad;
|
|
working[wi++] = c;
|
|
continue; /* all's good inside our quoted string */
|
|
}
|
|
@@ -412,6 +414,8 @@
|
|
}
|
|
if (!local_part_ok(c))
|
|
goto bad;
|
|
+ if (wi >= LOCAL_PART_MAX_LEN)
|
|
+ goto bad;
|
|
working[wi++] = c;
|
|
}
|
|
if (candidate_local == NULL || candidate_domain == NULL)
|