From 1c8c34c88e6b2f55adea456608da4c6ef005cd25 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Sun, 14 Dec 2025 00:13:27 +0100
Subject: [PATCH] schannel: cap the maximum allowed size for loading cert

To avoid problems with mistakes or abuse, cap the largest allowed certificate size to load to CURL_MAX_INPUT_LENGTH bytes (8MB).

Closes #19964
---
 lib/vtls/schannel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index f1b47cb47f..6159d90ab5 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -588,7 +588,7 @@ static CURLcode schannel_acquire_credential_handle(struct Curl_cfilter *cf,
       certsize = (size_t)cert_tell;
       if(continue_reading)
         continue_reading = fseek(fInCert, 0, SEEK_SET) == 0;
-      if(continue_reading)
+      if(continue_reading && (certsize < CURL_MAX_INPUT_LENGTH))
         certdata = curlx_malloc(certsize + 1);
       if((!certdata) ||
          ((int) fread(certdata, certsize, 1, fInCert) != 1))
-- 
2.47.3
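Review bot: The new size cap on the `+` line fails silently: when `certsize` exceeds CURL_MAX_INPUT_LENGTH the malloc is skipped, `certdata` stays NULL and the following `if((!certdata) || ...)` treats it exactly like an allocation failure, so the user gets no hint that the file was rejected for being too large. Worth adding an explicit branch, assuming `data` is in scope as for the function's other failf() calls: `else if(continue_reading)` / `  failf(data, "schannel: certificate file larger than %d bytes", CURL_MAX_INPUT_LENGTH);`. Note also that `<` rejects a file of exactly CURL_MAX_INPUT_LENGTH bytes, which differs slightly from the commit message's "cap to CURL_MAX_INPUT_LENGTH bytes"; if that boundary is intended, a one-line comment on the condition would make it clear. schannel_acquire_credential_handle starts and ends outside the hunk.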