CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2024/10/07 06:18:31
Modified files:
usr.sbin/rpki-client: x509.c
Log message:
rpki-client: fix seqnum upper bound
An ASN1_INTEGER doesn't contain the ASN.1 encoding in its data. It contains
a BIGNUM. In particular, there's no padding octet for integers with the top
bit of the top octet set. Do the check the dumb way and check all the parts
individually: non-negative, not larger than 20 octets and bit 159 not set.
Reported by Tom Harrison
ok claudio job
