CVSROOT: /cvs Module name: src Changes by: j...@cvs.openbsd.org 2024/02/05 12:23:58
Modified files: usr.sbin/rpki-client: aspa.c mft.c roa.c rsc.c tak.c Log message: Check whether all data in eContent has been consumed It is possible that a given ASN.1 template generated d2i_*() function didn't consume all data, so there is a potential for malleability. The econtent is a sequence (which means it could be the concatenation of several DER "blobs"). d2i_*() would only deserialize the first one and not notice blobs following it. OK tb@