CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/02/21 03:18:47
Modified files:
usr.sbin/rpki-client: cert.c cms.c crl.c
Log message:
rpki-client: ensure there is no trailing garbage in signed objects
The d2i functions are designed in such a way that the caller is responsible
to check if the entire buffer was consumed. Add checks on deserializing a
signed object to ensure the entire file has been consumed. Reject the file
if it has trailing garbage.
found by & ok job, ok claudio
