suffix length config
Change-Id: Ic1fd46a7d9b21a342cd9bf693169dc5df34fc651
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index 15c3055..82f0eec 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -301,7 +301,9 @@
// verify the self-signed certificate, the request, and the token
if (!m_config.m_caPrefix.isPrefixOf(clientCert->getName()) // under ca prefix
|| !security::v2::Certificate::isValidName(clientCert->getName()) // is valid cert name
- || clientCert->getName().size() < m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET) {
+ || clientCert->getName().size() < m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET
+ || clientCert->getName().size() >
+ m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET - 1 + m_config.m_maxSuffixLength) {
_LOG_ERROR("Invalid self-signed certificate name " << clientCert->getName());
return;
}
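Review bot: The new upper bound on the certificate name length uses `m_config.m_maxSuffixLength` unchecked: if it is 0 the bound drops below the minimum in the clause above and every request is rejected, and if it is set very high to mean "no limit" the sum can wrap and do the same (assuming an unsigned type; the declaration is not in this diff). Neither the default nor any validation of that setting is visible here, so the config loader should reject 0, and the comparison is safer done on the number of components after the CA prefix, as sketched below. The `- 1` deserves a one-line comment, apparently that `IS_SUBNAME_MIN_OFFSET` already counts one suffix component. The same condition is repeated in the second hunk (`@@ -330,7 +332,9 @@`), and the enclosing handler starts and ends outside both hunks.

```cpp
const auto& certName = clientCert->getName();
if (!m_config.m_caPrefix.isPrefixOf(certName) // under ca prefix
    || !security::v2::Certificate::isValidName(certName)) { // is valid cert name
  // … unchanged: _LOG_ERROR and return …
}
// isPrefixOf() passed above, so this subtraction cannot underflow
const size_t nExtra = certName.size() - m_config.m_caPrefix.size();
// IS_SUBNAME_MIN_OFFSET appears to include one suffix component, hence the + 1
if (nExtra < IS_SUBNAME_MIN_OFFSET
    || nExtra - IS_SUBNAME_MIN_OFFSET + 1 > m_config.m_maxSuffixLength) {
  // … unchanged: _LOG_ERROR and return …
}
```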
@@ -330,7 +332,9 @@
// verify the certificate
if (!m_config.m_caPrefix.isPrefixOf(clientCert->getName()) // under ca prefix
|| !security::v2::Certificate::isValidName(clientCert->getName()) // is valid cert name
- || clientCert->getName().size() < m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET) {
+ || clientCert->getName().size() < m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET
+ || clientCert->getName().size() >
+ m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET - 1 + m_config.m_maxSuffixLength) {
_LOG_ERROR("Invalid certificate name " << clientCert->getName());
return;
}
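Review bot: This four-clause name check is now a line-for-line copy of the one in the first hunk, with only the log text differing. Since it decides which names the CA will accept a request for, the two copies should not be able to drift apart when the rule changes again. Consider moving it into one private helper that takes the name and returns a bool, and calling it from both places, e.g. `if (!isNameInScope(clientCert->getName())) {` (the helper name is only a suggestion). The enclosing handler starts and ends outside the hunk.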