diff options
author | Rasmus Dahlberg <rasmus@rgdd.se> | 2023-03-18 14:09:32 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus@rgdd.se> | 2023-03-18 14:09:32 +0100 |
commit | 5ce81d77f5ede0cb855c232196abd6739388af86 (patch) | |
tree | b60564bea21539af191e3c93a43fb1f8052825ad /internal | |
parent | 86bdffab068177a42fe9a813ce85f1dd1d9435bc (diff) |
check that sans don't contain new lines
Diffstat (limited to 'internal')
-rw-r--r-- | internal/x509/x509.go | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/internal/x509/x509.go b/internal/x509/x509.go index 949199d..ce4be0c 100644 --- a/internal/x509/x509.go +++ b/internal/x509/x509.go @@ -401,6 +401,7 @@ package x509 import ( "fmt" + "strings" ct "github.com/google/certificate-transparency-go" "github.com/google/certificate-transparency-go/asn1" @@ -479,8 +480,12 @@ func extract(extSAN pkix.Extension) ([]string, error) { if err != nil { return nil, fmt.Errorf("failed to parse subjectAltName extension item: %v", err) } - - sans = append(sans, string(val.Bytes)) + san := string(val.Bytes) + if strings.Contains(san, "\n") { + // new-line would be bad for our data set because it is line-terminated + return nil, fmt.Errorf("found SAN that contains new line: %x", val.Bytes) + } + sans = append(sans, san) } return sans, nil } |