From 5ce81d77f5ede0cb855c232196abd6739388af86 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Sat, 18 Mar 2023 14:09:32 +0100
Subject: check that sans don't contain new lines
---
 internal/x509/x509.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'internal')
diff --git a/internal/x509/x509.go b/internal/x509/x509.go
index 949199d..ce4be0c 100644
--- a/internal/x509/x509.go
+++ b/internal/x509/x509.go
@@ -401,6 +401,7 @@ package x509
 
 import (
 	"fmt"
+	"strings"
 
 	ct "github.com/google/certificate-transparency-go"
 	"github.com/google/certificate-transparency-go/asn1"
@@ -479,8 +480,12 @@ func extract(extSAN pkix.Extension) ([]string, error) {
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse subjectAltName extension item: %v", err)
 		}
-
-		sans = append(sans, string(val.Bytes))
+		san := string(val.Bytes)
+		if strings.Contains(san, "\n") {
+			// new-line would be bad for our data set because it is line-terminated
+			return nil, fmt.Errorf("found SAN that contains new line: %x", val.Bytes)
+		}
+		sans = append(sans, san)
 	}
 	return sans, nil
 }
-- 
cgit v1.2.3
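Review bot: The new check in `extract` rejects only `"\n"`, yet the SAN bytes come straight from the certificate and every other byte is still copied verbatim into a line-terminated data set. A carriage return is the obvious gap, since readers such as `bufio.ScanLines` strip a trailing `\r`, so what is read back may differ from what was written; whether that applies depends on how the data set is consumed, which is not visible here. Consider `if strings.ContainsAny(san, "\r\n") {` and extending the comment to name exactly which bytes the format forbids. Hex-encoding the offending value with `%x` in the error is worth keeping, because it keeps the raw bytes out of log lines. The loop header and the start of `extract` lie outside the hunk, so which SAN types reach this line cannot be confirmed from the diff.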