CVSROOT: /cvs
Module name: src
Changes by: j...@cvs.openbsd.org 2024/02/05 12:23:58
Modified files:
usr.sbin/rpki-client: aspa.c mft.c roa.c rsc.c tak.c
Log message:
Check whether all data in eContent has been consumed
It is possible that a given ASN.1 template generated d2i_*() function
didn't consume all data, so there is a potential for malleability.
The econtent is a sequence (which means it could be the concatenation
of several DER "blobs"). d2i_*() would only deserialize the first one
and not notice blobs following it.
OK tb@
