curl/lib/vtls
Stefan Eissing 65fca12e63
x509asn1: add parse recursion limit
For ASN.1 tags with indefinite length, curl's own parser for TLS
backends that do not support certificate inspection calls itself
recursively. A malicious server certificate can then lead to high
recursion level exhausting the stack space.

This PR limits the recursion level to 16 which should be safe on all
architectures.

Added unit test 1657 to verify behaviour.

Fixes #16135
Reported-by: z2_
Closes #16137
2025-02-03 20:10:09 +01:00
.checksrc checksrc: use 'banfunc' proper in more places 2025-01-13 09:10:58 +01:00
bearssl.c vtls: only remember the expiry timestamp in session cache 2024-12-30 16:14:52 +01:00
bearssl.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
cipher_suite.c lib: use bool/TRUE/FALSE properly 2024-10-03 09:31:56 +02:00
cipher_suite.h rustls: add support for setting TLS version and ciphers 2024-08-16 09:55:02 +02:00
gtls.c GnuTLS: fix 'time_appconnect' for early data 2025-01-09 17:27:10 +01:00
gtls.h vtls: only remember the expiry timestamp in session cache 2024-12-30 16:14:52 +01:00
hostcheck.c code: language cleanup in comments 2024-07-01 22:58:55 +02:00
hostcheck.h code: language cleanup in comments 2024-07-01 22:58:55 +02:00
keylog.c lib: use bool/TRUE/FALSE properly 2024-10-03 09:31:56 +02:00
keylog.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
mbedtls_threadlock.c mbedtls: properly cleanup the thread-shared entropy 2024-03-12 03:09:37 -04:00
mbedtls_threadlock.h tidy-up: one comment and EOF newlines 2024-03-12 15:38:44 +00:00
mbedtls.c mbedtls: PSA can be used independently of TLS 1.3 (avoid runtime errors) 2025-01-29 08:54:10 +01:00
mbedtls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
openssl.c openssl: define HAVE_KEYLOG_CALLBACK before use 2025-01-28 11:15:10 +01:00
openssl.h openssl: define HAVE_KEYLOG_CALLBACK before use 2025-01-28 11:15:10 +01:00
rustls.c vtls: remove 'detach/attach' functions from TLS handler struct 2024-12-18 15:52:03 +01:00
rustls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
schannel_int.h schannel: fix TLS cert verification by IP SAN 2024-10-31 08:59:37 +01:00
schannel_verify.c tool_getpass: restore UWP getpass_r(), fixup CI builds, fix UWP -Wnull-dereference 2024-11-26 13:01:57 +01:00
schannel.c windows: drop dupe macros, detect CURL_OS for WinCE ARM, indentation 2025-01-17 12:56:43 +01:00
schannel.h msvc: add missing push/pop for warning pragmas 2025-01-27 20:59:47 +01:00
sectransp.c lib: TLS session ticket caching reworked 2024-12-20 14:59:23 +01:00
sectransp.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
vtls_int.h lib: TLS session ticket caching reworked 2024-12-20 14:59:23 +01:00
vtls_scache.c vtls_scache: fix possible null ptr deref 2025-01-09 17:25:48 +01:00
vtls_scache.h multihandle: add an ssl_scache here 2025-01-13 10:32:03 +01:00
vtls_spack.c vtls: feature ssls-export for SSL session im-/export 2025-01-08 23:32:07 +01:00
vtls_spack.h vtls: feature ssls-export for SSL session im-/export 2025-01-08 23:32:07 +01:00
vtls.c vtls: fix default SSL backend as a fallback 2025-01-28 03:29:35 -05:00
vtls.h lib: TLS session ticket caching reworked 2024-12-20 14:59:23 +01:00
wolfssl.c tidy-up: drop parenthesis around return expression 2025-01-14 12:11:42 +01:00
wolfssl.h lib: TLS session ticket caching reworked 2024-12-20 14:59:23 +01:00
x509asn1.c x509asn1: add parse recursion limit 2025-02-03 20:10:09 +01:00
x509asn1.h x509asn1: add parse recursion limit 2025-02-03 20:10:09 +01:00