git.ipfire.org Git - thirdparty/curl.git/commit

]> git.ipfire.org Git - thirdparty/curl.git/commit

projects / thirdparty / curl.git / commit

author	Daniel Stenberg <daniel@haxx.se>
	Fri, 14 Mar 2025 07:28:02 +0000 (08:28 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Fri, 14 Mar 2025 08:11:36 +0000 (09:11 +0100)
commit	116f490c81908f09432d45824c9ae62c26a13bd9
tree	43c49677127763d299596a93acc13f3b385168a6	tree
parent	27e07b2943ca4ab3f8e4910466231f822299421d	commit \| diff

rustls: cap maximum allowed CRL file size to 8MB

Allowing 4GB on a 32-bit system is just asking for problems and could in
theory cause integer overflow in the dynbuf code.

The dynbuf now has an assert to catch code trying to set a max larger
than half SIZE_T_MAX.

Reported-by: Rinku Das
Closes #16716

lib/dynbuf.c		diff \| blob \| blame \| history
lib/dynbuf.h		diff \| blob \| blame \| history
lib/vtls/rustls.c		diff \| blob \| blame \| history

Mirror of https://github.com/curl/curl.git

RSS Atom