diff options
| author | June McEnroe <june@causal.agency> | 2026-06-01 14:50:25 -0400 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2026-06-01 14:50:25 -0400 |
| commit | 8a5bd6dcd6f7780354ed2e297edfddfec0273253 (patch) | |
| tree | d6a47d1f9ce63cf523a845f426d0b879bc008eda /tls_keypair.c | |
| parent | Import LibreSSL 4.2.1 (diff) | |
| download | libretls-8a5bd6dcd6f7780354ed2e297edfddfec0273253.tar.gz libretls-8a5bd6dcd6f7780354ed2e297edfddfec0273253.zip | |
Import LibreSSL 4.3.0
Diffstat (limited to '')
| -rw-r--r-- | tls_keypair.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/tls_keypair.c b/tls_keypair.c index ffda91d..8b1beda 100644 --- a/tls_keypair.c +++ b/tls_keypair.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_keypair.c,v 1.9 2024/03/26 06:24:52 joshua Exp $ */ +/* $OpenBSD: tls_keypair.c,v 1.12 2026/04/16 07:29:53 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> * @@ -144,13 +144,18 @@ tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error, *cert = NULL; if (keypair->cert_mem == NULL) { - tls_error_set(error, TLS_ERROR_UNKNOWN, + tls_error_setx(error, TLS_ERROR_UNKNOWN, "keypair has no certificate"); goto err; } + if (keypair->cert_len > INT_MAX) { + tls_error_setx(error, TLS_ERROR_INVALID_ARGUMENT, + "certificate too long"); + goto err; + } if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem, keypair->cert_len)) == NULL) { - tls_error_set(error, TLS_ERROR_UNKNOWN, + tls_error_setx(error, TLS_ERROR_UNKNOWN, "failed to create certificate bio"); goto err; } @@ -158,7 +163,7 @@ tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error, NULL)) == NULL) { if ((ssl_err = ERR_peek_error()) != 0) errstr = ERR_error_string(ssl_err, NULL); - tls_error_set(error, TLS_ERROR_UNKNOWN, + tls_error_setx(error, TLS_ERROR_UNKNOWN, "failed to load certificate: %s", errstr); goto err; } |