aboutsummaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
authorRasmus Dahlberg <rasmus@rgdd.se>2023-03-18 14:09:32 +0100
committerRasmus Dahlberg <rasmus@rgdd.se>2023-03-18 14:09:32 +0100
commit5ce81d77f5ede0cb855c232196abd6739388af86 (patch)
treeb60564bea21539af191e3c93a43fb1f8052825ad /internal
parent86bdffab068177a42fe9a813ce85f1dd1d9435bc (diff)
check that sans don't contain new lines
Diffstat (limited to 'internal')
-rw-r--r--internal/x509/x509.go9
1 files changed, 7 insertions, 2 deletions
diff --git a/internal/x509/x509.go b/internal/x509/x509.go
index 949199d..ce4be0c 100644
--- a/internal/x509/x509.go
+++ b/internal/x509/x509.go
@@ -401,6 +401,7 @@ package x509
import (
"fmt"
+ "strings"
ct "github.com/google/certificate-transparency-go"
"github.com/google/certificate-transparency-go/asn1"
@@ -479,8 +480,12 @@ func extract(extSAN pkix.Extension) ([]string, error) {
if err != nil {
return nil, fmt.Errorf("failed to parse subjectAltName extension item: %v", err)
}
-
- sans = append(sans, string(val.Bytes))
+ san := string(val.Bytes)
+ if strings.Contains(san, "\n") {
+ // new-line would be bad for our data set because it is line-terminated
+ return nil, fmt.Errorf("found SAN that contains new line: %x", val.Bytes)
+ }
+ sans = append(sans, san)
}
return sans, nil
}