rustls: cap maximum allowed CRL file size to 8MB #16716
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allowing 4GB on a 32-bit system is just asking for problems and could in theory cause integer overflow in the dynbuf code. The dynbuf now has an assert to catch code trying to set a max larger than 100MB, as it seems large enough for most buffers. Reported-by: Rinku Das
|
Was 8mb picked based on any particular logic? I suspect it might be too small. I have some tooling leftover from when I was implementing CRL support in the |
|
No, it was completely picked out of the air. Let me bump it to... 400MB instead. |
bagder
added a commit
that referenced
this pull request
Mar 14, 2025
Ref: #16716 (comment) > I have some tooling leftover from when I was implementing CRL support > in the webpki crate that downloaded every CRL I could find referenced > in ccadb (without doing any special filtering for defunct CAs/CRLs > mind you) and found CRLs that spanned the range from very small > (<1mb), to medium sized (11 .. 22mb) to very large (100mb). Reported-by: Daniel McCarney
bagder
added a commit
that referenced
this pull request
Mar 14, 2025
Follow-up to 00fc556 Ref: #16716 (comment) > I have some tooling leftover from when I was implementing CRL support > in the webpki crate that downloaded every CRL I could find referenced > in ccadb (without doing any special filtering for defunct CAs/CRLs > mind you) and found CRLs that spanned the range from very small > (<1mb), to medium sized (11 .. 22mb) to very large (100mb). Reported-by: Daniel McCarney Closes #16724
pps83
pushed a commit
to pps83/curl
that referenced
this pull request
Apr 26, 2025
Allowing 4GB on a 32-bit system is just asking for problems and could in theory cause integer overflow in the dynbuf code. The dynbuf now has an assert to catch code trying to set a max larger than half SIZE_T_MAX. Reported-by: Rinku Das Closes curl#16716
pps83
pushed a commit
to pps83/curl
that referenced
this pull request
Apr 26, 2025
Follow-up to 00fc556 Ref: curl#16716 (comment) > I have some tooling leftover from when I was implementing CRL support > in the webpki crate that downloaded every CRL I could find referenced > in ccadb (without doing any special filtering for defunct CAs/CRLs > mind you) and found CRLs that spanned the range from very small > (<1mb), to medium sized (11 .. 22mb) to very large (100mb). Reported-by: Daniel McCarney Closes curl#16724
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Allowing 4GB on a 32-bit system is just asking for problems and could in theory cause integer overflow in the dynbuf code.
The dynbuf now has an assert to catch code trying to set a max larger than 100MB, as it seems large enough for most buffers.
Reported-by: Rinku Das