On Tue, Feb 21, 2023 at 03:07:00AM +0100, Theo Buehler wrote:
> By design of d2i, it's the caller's responsibility to check a DER object
> has been fully consumed. We read files from the disk, check hashes,
> parse and validate the DER we encounter, but we do not make sure that
> nothing follows the DER blob we parsed.
>
> As Job noticed, it is possible to append data to a CRL and still have
> a manifest display "Validation: OK" in file mode. This is partly
> possible due to the fact that filemode has a rather lax notion of
> validity (since it is an inspection tool), but also due to these
> missing checks.
>
> The diff below checks for !=. Barring bugs in ASN1_item_d2i() (unheard
> of!), only the < case should be possible, but it seems better to allow
> for > as well. I guess we could assert <=.

OK job@

ps. If there are 'bytes trailing garbage' on an *.mft discovered in the
DIR_VALID storage area, would a more pristine version of the MFT in
DIR_TEMP be ignored?
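
The consumed-length check discussed above, as an added example that is not part of this thread or of the diff it refers to. outer_tlv_consume() is a hypothetical stand-in for a d2i call: it only walks the outer DER header (single-byte tags assumed) and advances the pointer the way d2i does, so the caller-side != comparison can be shown without libcrypto.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical stand-in for a d2i_*() call: parses only the outer DER
 * tag/length header (single-byte tags) and, like d2i, advances *pp past
 * the object. Returns 0 on success, -1 on malformed or truncated input.
 */
static int
outer_tlv_consume(const unsigned char **pp, size_t len)
{
	const unsigned char *p = *pp;
	size_t clen, n;

	if (len < 2)
		return -1;
	clen = p[1];
	p += 2;
	len -= 2;
	if (clen & 0x80) {			/* long form length */
		n = clen & 0x7f;
		/* n == 0 is indefinite length, which DER forbids */
		if (n == 0 || n > sizeof(size_t) || n > len)
			return -1;
		len -= n;
		for (clen = 0; n > 0; n--)
			clen = (clen << 8) | *p++;
	}
	if (clen > len)				/* object is truncated */
		return -1;
	*pp = p + clen;
	return 0;
}

/* 1: one object fills the buffer, 0: bytes follow it, -1: bad DER */
int
der_fully_consumed(const unsigned char *der, size_t len)
{
	const unsigned char *p = der;

	if (outer_tlv_consume(&p, len) == -1)
		return -1;
	if (p != der + len) {			/* the caller's job, per d2i */
		fprintf(stderr, "%zu bytes trailing garbage\n",
		    (size_t)(der + len - p));
		return 0;
	}
	return 1;
}
```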