From: Daniel Stenberg
Date: Fri, 17 Oct 2025 08:12:50 +0000 (+0200)
Subject: openssl: fail if more than MAX_ALLOWED_CERT_AMOUNT certs
X-Git-Tag: rc-8_17_0-2~54
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3df71e6dc23e80466c2d448ceb7dc070addbea67;p=thirdparty%2Fcurl.git

openssl: fail if more than MAX_ALLOWED_CERT_AMOUNT certs

Detect and prevent abuse or mistakes. Limit set to 100.

Closes #19091
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 04bab2cbf1..d51022b664 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -349,6 +349,8 @@ static CURLcode X509V3_ext(struct Curl_easy *data,
   return result;
 }
 
+#define MAX_ALLOWED_CERT_AMOUNT 100
+
 static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl)
 {
   CURLcode result;
@@ -364,6 +366,11 @@ static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl)
     return CURLE_SSL_CONNECT_ERROR;
 
   numcerts = sk_X509_num(sk);
+  if(numcerts > MAX_ALLOWED_CERT_AMOUNT) {
+    failf(data, "%d certificates is more than allowed (%u)", (int)numcerts,
+          MAX_ALLOWED_CERT_AMOUNT);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
 
   result = Curl_ssl_init_certinfo(data, (int)numcerts);
   if(result)
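Review bot: The `%u` conversion in the added failf() call in the second hunk is paired with `MAX_ALLOWED_CERT_AMOUNT`, which expands to the plain `int` literal `100`, so the format specifier and argument type disagree (strictly undefined, and the kind of mismatch `-Wformat` reports); print it with `%d` instead, `failf(data, "%d certificates is more than allowed (%d)", (int)numcerts, MAX_ALLOWED_CERT_AMOUNT);`, or define the limit as `100U` if `%u` is wanted. The define in the first hunk would also benefit from a one-line comment stating its purpose, since 100 is otherwise a magic number, e.g. `/* upper bound on peer chain length: bounds the per-certificate work below and rejects absurdly long chains */`. The check correctly sits after the `!sk` guard, so the -1 that sk_X509_num() returns for a NULL stack cannot reach it, but that only holds as long as the ordering is kept. ossl_certchain's body continues outside the hunk.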